USN-6119-1: OpenSSL vulnerabilities

Read Time:26 Second

Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1
object identifiers. A remote attacker could possibly use this issue to
cause OpenSSL to consume resources, resulting in a denial of service.
(CVE-2023-2650)

Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS cipher
decryption on 64-bit ARM platforms. An attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04.
(CVE-2023-1255)

Read More