Package "openssl"
Name: openssl
Description: Secure Sockets Layer toolkit - cryptographic utility
Latest version: 1.1.1f-1ubuntu2.23
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://www.openssl.org/
Changelog
openssl (1.1.1f-1ubuntu2.23) focal-security; urgency=medium
* SECURITY UPDATE: unbounded mem growth when processing TLSv1.3 sessions
- debian/patches/CVE-2024-2511.patch: fix unconstrained session cache
growth in TLSv1.3 in ssl/ssl_lib.c, ssl/ssl_sess.c,
ssl/statem/statem_srvr.c.
- CVE-2024-2511
* SECURITY UPDATE: use after free with SSL_free_buffers
- debian/patches/CVE-2024-4741.patch: only free the read buffers if
we're not using them in ssl/record/rec_layer_s3.c,
ssl/record/record.h, ssl/ssl_lib.c.
- CVE-2024-4741
* SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
- debian/patches/CVE-2024-5535.patch: validate provided client list in
ssl/ssl_lib.c.
- CVE-2024-5535
-- Marc Deslauriers <email address hidden> Tue, 30 Jul 2024 12:36:54 -0400
CVE-2024-2511: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An atta
CVE-2024-4741: Use After Free with SSL_free_buffers
CVE-2024-5535: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory con
openssl (1.1.1f-1ubuntu2.22) focal-security; urgency=medium
* SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
- debian/patches/openssl-1.1.1-pkcs1-implicit-rejection.patch:
Return deterministic random output instead of an error in case
there is a padding error in crypto/cms/cms_env.c,
crypto/pkcs7/pk7_doit.c, crypto/rsa/rsa_local.h,
crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c, crypto/rsa/rsa_pmeth.c,
doc/man1/pkeyutl.pod, doc/man1/rsautl.pod,
doc/man3/EVP_PKEY_CTX_ctrl.pod, doc/man3/EVP_PKEY_decrypt.pod,
doc/man3/RSA_padding_add_PKCS1_type_1.pod,
doc/man3/RSA_public_encrypt.pod, include/openssl/rsa.h and
test/recipes/30-test_evp_data/evppkey.txt.
-- David Fernandez Gonzalez <email address hidden> Fri, 16 Feb 2024 16:41:31 +0100
2054090: Implicit rejection of PKCS#1 v1.5 RSA
openssl (1.1.1f-1ubuntu2.21) focal-security; urgency=medium
* SECURITY UPDATE: Excessive time spent in DH check / generation with
large Q parameter value
- debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
DH_generate_key() safer yet in crypto/dh/dh_check.c,
crypto/dh/dh_err.c, crypto/dh/dh_key.c, crypto/err/openssl.txt,
include/openssl/dh.h, include/openssl/dherr.h.
- CVE-2023-5678
* SECURITY UPDATE: PKCS12 Decoding crashes
- debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
data can be NULL in crypto/pkcs12/p12_add.c,
crypto/pkcs12/p12_mutl.c, crypto/pkcs12/p12_npas.c,
crypto/pkcs7/pk7_mime.c.
- CVE-2024-0727
-- Marc Deslauriers <email address hidden> Wed, 31 Jan 2024 15:45:27 -0500
CVE-2023-5678: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary:
CVE-2024-0727: Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summa
openssl (1.1.1f-1ubuntu2.20) focal-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-3446.patch: adds check to prevent the testing of
an excessively large modulus in DH_check().
- CVE-2023-3446
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-3817.patch: adds check to prevent the testing of
invalid q values in DH_check().
- CVE-2023-3817
-- Ian Constantin <email address hidden> Tue, 10 Oct 2023 12:03:48 +0300
openssl (1.1.1f-1ubuntu2.19) focal-security; urgency=medium
* SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
- debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
IDENTIFIERs that OBJ_obj2txt will translate in
crypto/objects/obj_dat.c.
- CVE-2023-2650
* Replace CVE-2022-4304 fix with improved version
- debian/patches/CVE-2022-4304.patch: remove previous fix.
- debian/patches/CVE-2022-4304-1.patch: use alternative fix in
crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.
- debian/patches/CVE-2022-4304-2.patch: re-add
BN_F_OSSL_BN_RSA_DO_UNBLIND which was incorrectly removed in
include/openssl/bnerr.h.
-- Marc Deslauriers <email address hidden> Wed, 24 May 2023 13:14:51 -0400