Package "openssl"
| Name: |
openssl
|
Description: |
Secure Sockets Layer toolkit - cryptographic utility
|
| Latest version: |
3.0.13-0ubuntu3.7 |
| Release: |
noble (24.04) |
| Level: |
updates |
| Repository: |
main |
| Homepage: |
https://www.openssl.org/ |
Links
Download "openssl"
Other versions of "openssl" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
|
openssl (3.0.13-0ubuntu3.7) noble-security; urgency=medium
* SECURITY UPDATE: Stack buffer overflow in CMS AuthEnvelopedData parsing
- debian/patches/CVE-2025-15467-1.patch: correct handling of
AEAD-encrypted CMS with inadmissibly long IV in crypto/evp/evp_lib.c.
- debian/patches/CVE-2025-15467-2.patch: some comments to clarify
functions usage in crypto/asn1/evp_asn1.c.
- debian/patches/CVE-2025-15467-3.patch: test for handling of
AEAD-encrypted CMS with inadmissibly long IV in test/cmsapitest.c,
test/recipes/80-test_cmsapi.t,
test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem.
- CVE-2025-15467
* SECURITY UPDATE: Heap out-of-bounds write in BIO_f_linebuffer on short
writes
- debian/patches/CVE-2025-68160.patch: fix heap buffer overflow in
BIO_f_linebuffer in crypto/bio/bf_lbuf.c.
- CVE-2025-68160
* SECURITY UPDATE: Unauthenticated/unencrypted trailing bytes with
low-level OCB function calls
- debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path
unauthenticated/unencrypted trailing bytes in crypto/modes/ocb128.c.
- CVE-2025-69418
* SECURITY UPDATE: Out of bounds write in PKCS12_get_friendlyname() UTF-8
conversion
- debian/patches/CVE-2025-69419.patch: check return code of UTF8_putc
in crypto/asn1/a_strex.c, crypto/pkcs12/p12_utl.c.
- CVE-2025-69419
* SECURITY UPDATE: Missing ASN1_TYPE validation in
TS_RESP_verify_response() function
- debian/patches/CVE-2025-69420.patch: verify ASN1 object's types
before attempting to access them as a particular type in
crypto/ts/ts_rsp_verify.c.
- CVE-2025-69420
* SECURITY UPDATE: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
- debian/patches/CVE-2025-69421.patch: add NULL check in
crypto/pkcs12/p12_decr.c.
- CVE-2025-69421
* SECURITY UPDATE: ASN1_TYPE missing validation and type confusion
- debian/patches/CVE-2026-2279x.patch: ensure ASN1 types are checked
before use in apps/s_client.c, crypto/pkcs12/p12_kiss.c,
crypto/pkcs7/pk7_doit.c.
- CVE-2026-22795
- CVE-2026-22796
-- Marc Deslauriers <email address hidden> Mon, 26 Jan 2026 07:31:31 -0500
|
| Source diff to previous version |
| CVE-2025-15467 |
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously ... |
| CVE-2025-68160 |
Issue summary: Writing large, newline-free data into a BIO chain using ... |
| CVE-2025-69418 |
Issue summary: When using the low-level OCB API directly with AES-NI o ... |
| CVE-2025-69419 |
Issue summary: Calling PKCS12_get_friendlyname() function on a malicio ... |
| CVE-2025-69420 |
Issue summary: A type confusion vulnerability exists in the TimeStamp ... |
| CVE-2025-69421 |
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL ... |
| CVE-2026-22795 |
Issue summary: An invalid or NULL pointer dereference can happen in an ... |
| CVE-2026-22796 |
Issue summary: A type confusion vulnerability exists in the signature ... |
|
|
openssl (3.0.13-0ubuntu3.6) noble-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap
- debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped
key size in crypto/cms/cms_pwri.c.
- CVE-2025-9230
-- Marc Deslauriers <email address hidden> Thu, 18 Sep 2025 07:12:48 -0400
|
| Source diff to previous version |
|
|
|
openssl (3.0.13-0ubuntu3.5) noble-security; urgency=medium
* SECURITY UPDATE: Low-level invalid GF(2^m) parameters lead to OOB
memory access
- debian/patches/CVE-2024-9143.patch: harden BN_GF2m_poly2arr against
misuse in crypto/bn/bn_gf2m.c, test/ec_internal_test.c.
- CVE-2024-9143
* SECURITY UPDATE: A timing side-channel which could potentially allow
recovering the private key exists in the ECDSA signature computation
- debian/patches/CVE-2024-13176.patch: Fix timing side-channel in
ECDSA signature computation in crypto/bn/bn_exp.c,
crypto/ec/ec_lib.c, include/crypto/bn.h.
- CVE-2024-13176
-- Marc Deslauriers <email address hidden> Wed, 05 Feb 2025 08:17:43 -0500
|
| Source diff to previous version |
| CVE-2024-9143 |
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds mem |
| CVE-2024-13176 |
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summ |
|
|
openssl (3.0.13-0ubuntu3.4) noble-security; urgency=medium
* SECURITY UPDATE: Possible denial of service in X.509 name checks
- debian/patches/CVE-2024-6119.patch: avoid type errors in EAI-related
name check logic in crypto/x509/v3_utl.c, test/*.
- CVE-2024-6119
-- Marc Deslauriers <email address hidden> Tue, 20 Aug 2024 13:05:36 -0400
|
| Source diff to previous version |
|
openssl (3.0.13-0ubuntu3.3) noble-proposed; urgency=medium
* SRU: LP: #2076340: No-change rebuild to pick up changed build flags
on ppc64 and s390x.
-- Matthias Klose <email address hidden> Fri, 09 Aug 2024 04:33:21 +0200
|
About
-
Send Feedback to @ubuntu_updates
