OpenSSL Vulnerabilities Patched in Ubuntu 18.04 - #CVE-2023-3446
Multiple security vulnerabilities were found in OpenSSL, software used to secure internet communications. The vulnerabilities could lead to denial-of-service attacks that disrupt services. The Ubuntu security team released updates for Ubuntu 16.04 and Ubuntu 18.04 to fix these issues.The vulnerabilities include slow checking of long Diffie-Hellman keys leading to denial-of-service when checking untrusted data, large 'q' parameters causing prolonged computations and potential denial-of-service, excessively long X9.42 keys or parameters that could cause resource exhaustion denial-of-service, and a NULL pointer dereference crash when processing malicious PKCS12 files. Users should update OpenSSL to mitigate these vulnerabilities.