OpenSSL Regression Fixed in Ubuntu 12.10 and Ubuntu 12.04 LTS

On February 20, Canonical published in a security notice details about OpenSSL vulnerabilities for its Ubuntu 12.10 and Ubuntu 12.04 LTS operating systems.

According to Canonical, the USN-1732-1 update introduced a regression in OpenSSL.

The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending further investigation.

For a more detailed description of the security problems, you can visit Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest libssl package, specific to each distribution. To apply the update, run the Update Manager application.

After a standard system update, you need to reboot your computer to make all the necessary changes.

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.