Package "openssl"

  openssl (3.0.2-0ubuntu1.14) jammy-security; urgency=medium

  * SECURITY UPDATE: Excessive time spent in DH check / generation with
    large Q parameter value
    - debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
      DH_generate_key() safer yet in crypto/dh/dh_check.c,
      crypto/dh/dh_err.c, crypto/dh/dh_key.c, crypto/err/openssl.txt,
      include/crypto/dherr.h, include/openssl/dh.h,
      include/openssl/dherr.h.
    - CVE-2023-5678
  * SECURITY UPDATE: POLY1305 MAC implementation corrupts vector registers
    on PowerPC
    - debian/patches/CVE-2023-6129.patch: fix vector register clobbering in
      crypto/poly1305/asm/poly1305-ppc.pl.
    - CVE-2023-6129
  * SECURITY UPDATE: Excessive time spent checking invalid RSA public keys
    - debian/patches/CVE-2023-6237.patch: limit the execution time of RSA
      public key check in crypto/rsa/rsa_sp800_56b_check.c,
      test/recipes/91-test_pkey_check.t,
      test/recipes/91-test_pkey_check_data/rsapub_17k.pem.
    - CVE-2023-6237
  * SECURITY UPDATE: PKCS12 Decoding crashes
    - debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
      data can be NULL in crypto/pkcs12/p12_add.c,
      crypto/pkcs12/p12_mutl.c, crypto/pkcs12/p12_npas.c,
      crypto/pkcs7/pk7_mime.c.
    - CVE-2024-0727

 -- Marc Deslauriers <email address hidden> Wed, 31 Jan 2024 13:43:23 -0500

  openssl (3.0.2-0ubuntu1.13) jammy; urgency=medium

  * Fix (upstream): crash when using an engine for ciphers used by DRBG
    (LP: #2023545)
    - lp2023545/0001-Release-the-drbg-in-the-global-default-context-befor.patch
  * Fix (upstream): do not ignore return values for S/MIME signature
    (LP: #1994165)
    - lp1994165/0001-REGRESSION-CMS_final-do-not-ignore-CMS_dataFinal-res.patch
  * Perf (upstream): don't empty method stores and provider synchronization
    records when flushing the query cache (LP: #2033422)
    - lp2033422/0001-Drop-ossl_provider_clear_all_operation_bits-and-all-.patch
    - lp2033422/0002-Refactor-method-construction-pre-and-post-condition.patch
    - lp2033422/0003-Don-t-empty-the-method-store-when-flushing-the-query.patch
    - lp2033422/0004-Make-it-possible-to-remove-methods-by-the-provider-t.patch
    - lp2033422/0005-Complete-the-cleanup-of-an-algorithm-in-OSSL_METHOD_.patch
    - lp2033422/0006-For-child-libctx-provider-don-t-count-self-reference.patch
    - lp2033422/0007-Add-method-store-cache-flush-and-method-removal-to-n.patch

 -- Adrien Nader <email address hidden> Tue, 09 Jan 2024 11:42:50 +0100

  openssl (3.0.2-0ubuntu1.12) jammy-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: AES-SIV implementation ignores empty associated data
    entries
    - debian/patches/CVE-2023-2975.patch: do not ignore empty associated
      data with AES-SIV mode in
      providers/implementations/ciphers/cipher_aes_siv.c.
    - CVE-2023-2975
  * SECURITY UPDATE: Incorrect cipher key and IV length processing
    - debian/patches/CVE-2023-5363-1.patch: process key length and iv
      length early if present in crypto/evp/evp_enc.c.
    - debian/patches/CVE-2023-5363-2.patch: add unit test in
      test/evp_extra_test.c.
    - CVE-2023-5363

  [ Ian Constantin ]
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-3446.patch: adds check to prevent the testing of
      an excessively large modulus in DH_check().
    - CVE-2023-3446
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-3817.patch: adds check to prevent the testing of
      invalid q values in DH_check().
    - CVE-2023-3817

 -- Marc Deslauriers <email address hidden> Fri, 13 Oct 2023 08:02:49 -0400

  openssl (3.0.2-0ubuntu1.10) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS in AES-XTS cipher decryption
    - debian/patches/CVE-2023-1255.patch: avoid buffer overrread in
      crypto/aes/asm/aesv8-armx.pl.
    - CVE-2023-1255
  * SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
    - debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
      IDENTIFIERs that OBJ_obj2txt will translate in
      crypto/objects/obj_dat.c.
    - CVE-2023-2650
  * Replace CVE-2022-4304 fix with improved version
    - debian/patches/CVE-2022-4304.patch: use alternative fix in
      crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
      crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.

 -- Marc Deslauriers <email address hidden> Wed, 24 May 2023 13:12:55 -0400

  openssl (3.0.2-0ubuntu1.9) jammy-security; urgency=medium

  * SECURITY UPDATE: double locking when processing X.509 certificate policy
    constraints
    - debian/patches/CVE-2022-3996-1.patch: revert commit 9aa4be69 and remove
      redundant flag setting.
    - debian/patches/CVE-2022-3996-2.patch: add test case for reported
      deadlock.
    - CVE-2022-3996
  * SECURITY UPDATE: excessive resource use when verifying policy constraints
    - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
      in a policy tree (the default limit is set to 1000 nodes).
    - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
      resource overuse.
    - debian/patches/CVE-2023-0464-3.patch: disable the policy tree
      exponential growth test conditionally.
    - CVE-2023-0464
  * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
    - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
      is checked even in leaf certs.
    - debian/patches/CVE-2023-0465-2.patch: generate some certificates with
      the certificatePolicies extension.
    - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
    - CVE-2023-0466
  * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
    not enabled as documented
    - debian/patches/CVE-2023-0466.patch: fix documentation of
      X509_VERIFY_PARAM_add0_policy().
    - CVE-2023-0466

 -- Camila Camargo de Matos <email address hidden> Mon, 17 Apr 2023 15:12:58 -0300