Home / Security / USN-3813-1: pyOpenSSL vulnerabilities | Ubuntu security notices

USN-3813-1: pyOpenSSL vulnerabilities | Ubuntu security notices

8 November 2018

pyopenssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Summary

Several security issues were fixed in pyOpenSSL.

Software Description

  • pyopenssl – Python wrapper around the OpenSSL library

Details

It was discovered that pyOpenSSL incorrectly handled memory when handling
X509 objects. A remote attacker could use this issue to cause pyOpenSSL to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2018-1000807)

It was discovered that pyOpenSSL incorrectly handled memory when performing
operations on a PKCS #12 store. A remote attacker could possibly use this
issue to cause pyOpenSSL to consume resources, resulting in a denial of
service. (CVE-2018-1000808)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
python-openssl0.15.1-2ubuntu0.2
python3-openssl0.15.1-2ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

x

Check Also

South Korea is Censoring the Internet by Snooping on SNI Traffic

South Korea is Censoring the Internet by Snooping on SNI Traffic

South Korea has been blocking HTTP websites that are on their censor list for a ...