USN-2913-3: OpenSSL update

Ubuntu Security Notice USN-2913-3

24th February, 2016

openssl update

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Updated OpenSSL packages are required for the USN-2913-1 update.

Software description

  • openssl
    – Secure Socket Layer (SSL) cryptographic library and tools

Details

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates
package. This update adds support for alternate certificate chains to the
OpenSSL package to properly handle the removal.

Original advisory details:

The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 20160104
package, including the removal of the SPI CA and CA certificates with
1024-bit RSA keys.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
libssl1.0.0

1.0.1f-1ubuntu2.17
Ubuntu 12.04 LTS:
libssl1.0.0

1.0.1-4ubuntu5.34

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

LP: 1528645

Leave a Reply