1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-5051-3

[USN-5051-3] OpenSSL vulnerability

Severity Medium
Affected Packages 3
CVEs 1
Info Packages Vulnerabilities

OpenSSL could be made to crash or expose sensitive information if it received a specially crafted ASN.1 string.

USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the
corresponding update for the openssl1.0 package in Ubuntu 18.04 LTS.

Original advisory details:

Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1
strings. A remote attacker could use this issue to cause OpenSSL to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2021-3712)

Package Affected Version
pkg:deb/ubuntu/openssl1.0?distro=bionic < 1.0.2n-1ubuntu5.7
pkg:deb/ubuntu/libssl1.0.0?distro=bionic < 1.0.2n-1ubuntu5.7
pkg:deb/ubuntu/libssl1.0-dev?distro=bionic < 1.0.2n-1ubuntu5.7
ID
USN-5051-3
Severity
medium
URL
https://ubuntu.com/security/notices/USN-5051-3
Published
2021-08-26T12:53:57
(3 years ago)
Modified
2021-08-26T12:53:57
(3 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/openssl1.0?distro=bionic ubuntu openssl1.0 < 1.0.2n-1ubuntu5.7 bionic
Affected pkg:deb/ubuntu/libssl1.0.0?distro=bionic ubuntu libssl1.0.0 < 1.0.2n-1ubuntu5.7 bionic
Affected pkg:deb/ubuntu/libssl1.0-dev?distro=bionic ubuntu libssl1.0-dev < 1.0.2n-1ubuntu5.7 bionic
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date