USN-6697-1: Bash vulnerability
Severity
medium
Vendor
VMware Tanzu
Versions Affected
- Canonical Ubuntu 22.04
Description
As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS#1 v1.5 RSA, to prevent its use in possible Bleichenbacher timing attacks. Update Instructions: Run `sudo pro fix USN-6663-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl1.1 - 1.1.1-1ubuntu2.1~18.04.23+esm5 libssl-dev - 1.1.1-1ubuntu2.1~18.04.23+esm5 openssl - 1.1.1-1ubuntu2.1~18.04.23+esm5 libssl-doc - 1.1.1-1ubuntu2.1~18.04.23+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.
Fixed VMware Products and Versions
- Cflinuxfs4
- 1.83.0 or greater
- Jammy Stemcells
- 1.423 or greater
- Operations Manager Image
- 3.0.26+LTS-T or greater
- Isolation Segment
- 4.0.24+LTS-T or greater
- 5.0.14 or greater
- 6.0.4+LTS-T or greater
- Operations Manager
- 3.0.26+LTS-T or greater
- VMware Tanzu Application Service for VMs
- 4.0.24+LTS-T or greater
- 5.0.14 or greater
- 6.0.4+LTS-T or greater
References
https://ubuntu.com/security/notices/USN-6697-1
https://www.cloudfoundry.org/blog/usn-6697-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6697-1
History
2024-03-18: Initial vulnerability report published.