CVE-2017-3737 Ubuntu Security Notification for Openssl Vulnerabilities (USN-3512-1)

It was discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions.

It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure.

This may allow unauthorized disclosure of information (CVE-2017-3737)

A remote attacker could possibly use this issue to recover private keys. (CVE-2017-3738)

Refer to Ubuntu advisory USN-3512-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3512-1: 16.04 (Xenial) on src (libssl1.0.0)

USN-3512-1: 17.10 (artful) on src (libssl1.0.0)

USN-3512-1: 17.04 (zesty) on src (libssl1.0.0)