Package "openssl"

Name: openssl


Secure Sockets Layer toolkit - cryptographic utility

Latest version: 1.1.1c-1ubuntu4.1
Release: eoan (19.10)
Level: security
Repository: main
Homepage: https://www.openssl.org/



Other versions of "openssl" in Eoan

Repository  Area  Version
base        main  1.1.1c-1ubuntu4
updates     main  1.1.1c-1ubuntu4.1


Version: 1.1.1c-1ubuntu4.1 2020-05-28 13:07:02 UTC

  openssl (1.1.1c-1ubuntu4.1) eoan-security; urgency=medium

  * SECURITY UPDATE: ECDSA remote timing attack
    - debian/patches/CVE-2019-1547.patch: for ECC parameters with NULL or
      zero cofactor, compute it in crypto/ec/ec_lib.c.
    - CVE-2019-1547
  * SECURITY UPDATE: Fork Protection
    - debian/patches/CVE-2019-1549.patch: ensure fork-safety without using
      a pthread_atfork handler in crypto/include/internal/rand_int.h,
      crypto/init.c, crypto/rand/drbg_lib.c, crypto/rand/rand_lcl.h,
      crypto/rand/rand_lib.c, crypto/threads_none.c,
      crypto/threads_pthread.c, crypto/threads_win.c,
      include/internal/cryptlib.h, test/drbgtest.c.
    - CVE-2019-1549
  * SECURITY UPDATE: rsaz_512_sqr overflow bug on x86_64
    - debian/patches/CVE-2019-1551.patch: fix an overflow bug in
      rsaz_512_sqr in crypto/bn/asm/rsaz-x86_64.pl.
    - CVE-2019-1551
  * SECURITY UPDATE: Padding Oracle issue
    - debian/patches/CVE-2019-1563.patch: fix a padding oracle in
      PKCS7_dataDecode and CMS_decrypt_set1_pkey in crypto/cms/cms_env.c,
      crypto/cms/cms_lcl.h, crypto/cms/cms_smime.c,
    - CVE-2019-1563

 -- Marc Deslauriers <email address hidden> Wed, 27 May 2020 15:04:47 -0400

CVE-2019-1549: OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in o
CVE-2019-1551: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analy
CVE-2019-1563: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very l
