Package "openssl"
Name: |
openssl
|
Description: |
Secure Sockets Layer toolkit - cryptographic utility
|
Latest version: |
3.0.2-0ubuntu1.20 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
main |
Homepage: |
https://www.openssl.org/ |
Links
Download "openssl"
Other versions of "openssl" in Jammy
Packages in group
Deleted packages are displayed in grey.
Changelog
openssl (3.0.2-0ubuntu1.20) jammy-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap
- debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped
key size in crypto/cms/cms_pwri.c.
- CVE-2025-9230
-- Marc Deslauriers <email address hidden> Thu, 18 Sep 2025 08:06:16 -0400
|
Source diff to previous version |
|
openssl (3.0.2-0ubuntu1.19) jammy-security; urgency=medium
* SECURITY UPDATE: Low-level invalid GF(2^m) parameters lead to OOB
memory access
- debian/patches/CVE-2024-9143.patch: harden BN_GF2m_poly2arr against
misuse in crypto/bn/bn_gf2m.c, test/ec_internal_test.c.
- CVE-2024-9143
* SECURITY UPDATE: A timing side-channel which could potentially allow
recovering the private key exists in the ECDSA signature computation
- debian/patches/CVE-2024-13176.patch: Fix timing side-channel in
ECDSA signature computation in crypto/bn/bn_exp.c,
crypto/ec/ec_lib.c, include/crypto/bn.h.
- CVE-2024-13176
-- Marc Deslauriers <email address hidden> Wed, 05 Feb 2025 08:19:41 -0500
|
Source diff to previous version |
CVE-2024-9143 |
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds mem |
CVE-2024-13176 |
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summ |
|
openssl (3.0.2-0ubuntu1.17) jammy-security; urgency=medium
* SECURITY UPDATE: unbounded mem growth when processing TLSv1.3 sessions
- debian/patches/CVE-2024-2511.patch: fix unconstrained session cache
growth in TLSv1.3 in ssl/ssl_lib.c, ssl/ssl_sess.c,
ssl/statem/statem_srvr.c.
- CVE-2024-2511
* SECURITY UPDATE: checking excessively long DSA keys or params very slow
- debian/patches/CVE-2024-4603.patch: check DSA parameters for
excessive sizes before validating in crypto/dsa/dsa_check.c,
test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem.
- CVE-2024-4603
* SECURITY UPDATE: use after free with SSL_free_buffers
- debian/patches/CVE-2024-4741.patch: only free the read buffers if
we're not using them in ssl/record/rec_layer_s3.c,
ssl/record/record.h, ssl/ssl_lib.c.
- CVE-2024-4741
* SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
- debian/patches/CVE-2024-5535.patch: validate provided client list in
ssl/ssl_lib.c.
- CVE-2024-5535
-- Marc Deslauriers <email address hidden> Tue, 30 Jul 2024 11:18:05 -0400
|
Source diff to previous version |
CVE-2024-2511 |
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An atta |
CVE-2024-4603 |
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param |
CVE-2024-4741 |
Use After Free with SSL_free_buffers |
CVE-2024-5535 |
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory con |
|
openssl (3.0.2-0ubuntu1.16) jammy-security; urgency=medium
* SECURITY UPDATE: Excessive time spent in DH modular-exponentiation
calcuations when using long exponents.
- debian/patches/CVE-2022-40735-1.patch: Use the minimum key length
for known safe primes as per RFC 7919 in crypto/dh/dh_group_params.c,
crypto/ffc/ffc_backend.c, crypto/ffc/ffc_dh.c,
crypto/ffc/ffc_key_generate.c, include/internal/ffc.h and
test/ffc_internal_test.c
- debian/patches/CVE-2022-40735-2.patch: print DH key length in
providers/implementations/encode_decode/encode_key2text.c,
test/recipes/30-test_evp_pkey_provided/DH.priv.txt and
test/recipes/30-test_evp_pkey_provided/DH.pub.txt
- debian/patches/CVE-2022-40735-3.patch: test that short private keys
are generated when using a known safe DH prime in
test/evp_extra_test2.c
- debian/patches/CVE-2022-40735-4.patch: copy keylength when copying
FFC parameters in crypto/ffc/ffc_params.c and test/ffc_internal_test.c
- CVE-2022-40735
-- Alex Murray <email address hidden> Wed, 05 Jun 2024 12:58:14 +0930
|
CVE-2022-40735 |
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1 |
|
About
-
Send Feedback to @ubuntu_updates