Today, May 3, 2016, Canonical issued an Ubuntu security notice to inform the community about the availability of new OpenSSL versions that patch several vulnerabilities discovered upstream by various developers.
The OpenSSL security notice applies to Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 15.10 (Wily Werewolf), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin). It details a total of five security issues that have been fixed in OpenSSL, the package that contains the Secure Socket Layer (SSL) cryptographic library and tools.
“A security issue affects these releases of Ubuntu and its derivatives, Ubuntu 16.04 LTS, Ubuntu 15.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS,” reads today’s security notice. “As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack.”
Users are urged to upgrade as soon as possible
To learn about the OpenSSL vulnerabilities fixed in this update pushed today by Canonical for all supported Ubuntu Linux operating systems, we recommend reading the Ubuntu Security Notice USN-2959-1, but before anything else, you are advised to update your system to the new OpenSSL versions as soon as possible.
For Ubuntu 16.04 LTS (Xenial Xerus), you need to upgrade to libssl1.0.0 1.0.2g-1ubuntu4.1; for Ubuntu 15.10 (Wily Werewolf), please update to libssl1.0.0 1.0.2d-0ubuntu1.5; for Ubuntu 14.04 LTS (Trusty Tahr) make sure that you update to libssl1.0.0 1.0.1f-1ubuntu2.19, and finally, for Ubuntu 12.04 LTS (Precise Pangolin) update to libssl1.0.0 1.0.1-4ubuntu5.36.
To update on an Ubuntu Desktop system, open Unity Dash, search for the Software Updater utility, wait for it to reload the software sources and find available updates, and then click the “Install All” button to install the updated packages. If you’re using Ubuntu Server, you need to run the usual “sudo apt-get update && sudo apt-get dist-upgrade” routine.
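To confirm after upgrading that a machine really carries the fixed package, the installed libssl1.0.0 version can be compared with the versions listed above. The script below is an added example, not part of the original article or of Canonical's notice; the function names and the --check argument are made up for illustration, and it assumes dpkg and lsb_release are available, as they are on a stock Ubuntu install.

```shell
#!/bin/sh
# Added example: compare an installed libssl1.0.0 version with the fixed
# versions quoted in the article. Function names are illustrative.

# Fixed libssl1.0.0 version per release codename, as listed in the article.
fixed_version() {
    case "$1" in
        xenial)  echo "1.0.2g-1ubuntu4.1" ;;
        wily)    echo "1.0.2d-0ubuntu1.5" ;;
        trusty)  echo "1.0.1f-1ubuntu2.19" ;;
        precise) echo "1.0.1-4ubuntu5.36" ;;
        *)       return 1 ;;
    esac
}

# libssl_status CODENAME INSTALLED_VERSION
# Prints "patched", "needs-update" or "unknown-release".
# dpkg --compare-versions applies Debian version ordering, so
# 1ubuntu2.2 correctly sorts below 1ubuntu2.19 (a string compare would not).
libssl_status() {
    want=$(fixed_version "$1") || { echo "unknown-release"; return 0; }
    if dpkg --compare-versions "$2" ge "$want"; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# check_host: read this machine's codename and installed package version.
check_host() {
    codename=$(lsb_release -sc)
    # head -n 1 keeps a single version if several architectures are installed.
    installed=$(dpkg-query -W -f='${Version}\n' libssl1.0.0 2>/dev/null | head -n 1)
    if [ -z "$installed" ]; then
        echo "libssl1.0.0 is not installed"
        return 0
    fi
    echo "$codename libssl1.0.0 $installed: $(libssl_status "$codename" "$installed")"
}

# Run the host check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Services that were already running keep the old library mapped until they are restarted, so a "patched" result describes the package on disk, not every running process.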