UbuntuUpdates.org

Package "libssl-dev"

Name: libssl-dev

Description:

Secure Sockets Layer toolkit - development files

Latest version: 1.1.1f-1ubuntu2.22
Release: focal (20.04)
Level: updates
Repository: main
Head package: openssl
Homepage: https://www.openssl.org/

Links


Download "libssl-dev"


Other versions of "libssl-dev" in Focal

Repository Area Version
base main 1.1.1f-1ubuntu2
security main 1.1.1f-1ubuntu2.22

Changelog

Version: 1.1.1f-1ubuntu2.22 2024-02-27 14:06:54 UTC

  openssl (1.1.1f-1ubuntu2.22) focal-security; urgency=medium

  * SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
    - debian/patches/openssl-1.1.1-pkcs1-implicit-rejection.patch:
      Return deterministic random output instead of an error in case
      there is a padding error in crypto/cms/cms_env.c,
      crypto/pkcs7/pk7_doit.c, crypto/rsa/rsa_local.h,
      crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c, crypto/rsa/rsa_pmeth.c,
      doc/man1/pkeyutl.pod, doc/man1/rsautl.pod,
      doc/man3/EVP_PKEY_CTX_ctrl.pod, doc/man3/EVP_PKEY_decrypt.pod,
      doc/man3/RSA_padding_add_PKCS1_type_1.pod,
      doc/man3/RSA_public_encrypt.pod, include/openssl/rsa.h and
      test/recipes/30-test_evp_data/evppkey.txt.

 -- David Fernandez Gonzalez <email address hidden> Fri, 16 Feb 2024 16:41:31 +0100

Source diff to previous version
2054090 Implicit rejection of PKCS#1 v1.5 RSA

Version: 1.1.1f-1ubuntu2.21 2024-02-05 13:09:20 UTC

  openssl (1.1.1f-1ubuntu2.21) focal-security; urgency=medium

  * SECURITY UPDATE: Excessive time spent in DH check / generation with
    large Q parameter value
    - debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
      DH_generate_key() safer yet in crypto/dh/dh_check.c,
      crypto/dh/dh_err.c, crypto/dh/dh_key.c, crypto/err/openssl.txt,
      include/openssl/dh.h, include/openssl/dherr.h.
    - CVE-2023-5678
  * SECURITY UPDATE: PKCS12 Decoding crashes
    - debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
      data can be NULL in crypto/pkcs12/p12_add.c,
      crypto/pkcs12/p12_mutl.c, crypto/pkcs12/p12_npas.c,
      crypto/pkcs7/pk7_mime.c.
    - CVE-2024-0727

 -- Marc Deslauriers <email address hidden> Wed, 31 Jan 2024 15:45:27 -0500

Source diff to previous version
CVE-2023-5678 Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary:
CVE-2024-0727 Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summa

Version: 1.1.1f-1ubuntu2.20 2023-10-25 12:13:52 UTC

  openssl (1.1.1f-1ubuntu2.20) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-3446.patch: adds check to prevent the testing of
      an excessively large modulus in DH_check().
    - CVE-2023-3446
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-3817.patch: adds check to prevent the testing of
      invalid q values in DH_check().
    - CVE-2023-3817

 -- Ian Constantin <email address hidden> Tue, 10 Oct 2023 12:03:48 +0300

Source diff to previous version

Version: 1.1.1f-1ubuntu2.19 2023-05-30 17:07:06 UTC

  openssl (1.1.1f-1ubuntu2.19) focal-security; urgency=medium

  * SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
    - debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
      IDENTIFIERs that OBJ_obj2txt will translate in
      crypto/objects/obj_dat.c.
    - CVE-2023-2650
  * Replace CVE-2022-4304 fix with improved version
    - debian/patches/CVE-2022-4304.patch: remove previous fix.
    - debian/patches/CVE-2022-4304-1.patch: use alternative fix in
      crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
      crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.
    - debian/patches/CVE-2022-4304-2.patch: re-add
      BN_F_OSSL_BN_RSA_DO_UNBLIND which was incorrectly removed in
      include/openssl/bnerr.h.

 -- Marc Deslauriers <email address hidden> Wed, 24 May 2023 13:14:51 -0400

Source diff to previous version
CVE-2023-2650 openssl Possible DoS translating ASN.1 object identifiers
CVE-2022-4304 openssl: Timing Oracle in RSA Decryption

Version: 1.1.1f-1ubuntu2.18 2023-04-25 19:07:19 UTC

  openssl (1.1.1f-1ubuntu2.18) focal-security; urgency=medium

  * SECURITY UPDATE: excessive resource use when verifying policy constraints
    - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
      in a policy tree (the default limit is set to 1000 nodes).
    - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
      resource overuse.
    - debian/patches/CVE-2023-0464-3.patch: disable the policy tree
      exponential growth test conditionally.
    - CVE-2023-0464
  * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
    - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
      is checked even in leaf certs.
    - debian/patches/CVE-2023-0465-2.patch: generate some certificates with
      the certificatePolicies extension.
    - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
    - CVE-2023-0466
  * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
    not enabled as documented
    - debian/patches/CVE-2023-0466.patch: fix documentation of
      X509_VERIFY_PARAM_add0_policy().
    - CVE-2023-0466

 -- Camila Camargo de Matos <email address hidden> Mon, 17 Apr 2023 15:11:39 -0300

CVE-2023-0464 A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that includ



About   -   Send Feedback to @ubuntu_updates