Home / mailings [USN-2367-1] OpenSSL update
Posted on 03 October 2014
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-2367-1
October 02, 2014
openssl update
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
OpenSSL TLSv1.2 support has been improved.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2
by default when being used as a client. When forcing the use of TLSv1.2,
another compatibility feature (OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) was used=
that would truncate the cipher list. This would prevent certain ciphers
from being selected, and would prevent secure renegotiations. This update=
removes the cipher list truncation workaround when forcing the use of
TLSv1.2.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.18
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2367-1
https://launchpad.net/bugs/1376447
Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.18
