UbuntuUpdates.org

Package "libssl3"

Name: libssl3

Description: Secure Sockets Layer toolkit - shared libraries

Latest version: 3.0.2-0ubuntu1.6
Release: jammy (22.04)
Level: updates
Repository: main
Head package: openssl
Homepage: https://www.openssl.org/


Other versions of "libssl3" in Jammy

Repository   Area   Version
security     main   3.0.2-0ubuntu1.6

Changelog

Version: 3.0.2-0ubuntu1.6 2022-07-05 21:46:33 UTC

  openssl (3.0.2-0ubuntu1.6) jammy-security; urgency=medium

  * SECURITY UPDATE: AES OCB fails to encrypt some bytes
    - debian/patches/CVE-2022-2097-1.patch: fix AES OCB encrypt/decrypt for
      x86 AES-NI in crypto/aes/asm/aesni-x86.pl.
    - debian/patches/CVE-2022-2097-2.patch: add AES OCB test vectors in
      test/recipes/30-test_evp_data/evpciph_aes_ocb.txt.
    - CVE-2022-2097

 -- Marc Deslauriers <email address hidden> Mon, 04 Jul 2022 07:20:23 -0400

CVE-2022-2097 AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimi ...

Version: 3.0.2-0ubuntu1.5 2022-06-21 17:06:35 UTC

  openssl (3.0.2-0ubuntu1.5) jammy-security; urgency=medium

  * SECURITY UPDATE: c_rehash script allows command injection
    - debian/patches/CVE-2022-1292.patch: switch to upstream patch, and
      apply it before c_rehash-compat.patch.
    - debian/patches/CVE-2022-2068-1.patch: fix file operations in
      tools/c_rehash.in.
    - debian/patches/CVE-2022-2068-2.patch: drop the issuer_name_hash=
      prefix from the CRL hash in tools/c_rehash.in.
    - debian/patches/c_rehash-compat.patch: updated patch to apply after
      the security updates.
    - CVE-2022-2068

 -- Marc Deslauriers <email address hidden> Wed, 15 Jun 2022 10:26:20 -0400

CVE-2022-1292 The c_rehash script does not properly sanitise shell metacharacters to ...
CVE-2022-2068 The c_rehash script allows command injection

Version: 3.0.2-0ubuntu1.4 2022-06-20 16:06:22 UTC

  openssl (3.0.2-0ubuntu1.4) jammy; urgency=medium

  * d/p/lp1978093/*: renew some expiring test certificates (LP: #1978093)

1978093 openssl: FTBFS due to expired certificates

Version: 3.0.2-0ubuntu1.2 2022-05-17 10:06:30 UTC

  openssl (3.0.2-0ubuntu1.2) jammy; urgency=medium

  * d/p/lp1968997/*: cherry-pick a patchset to fix issues with the Turkish
    locale (LP: #1968997)

 -- Simon Chopin <email address hidden> Thu, 05 May 2022 10:04:52 +0200

1968997 openssl has catastrophic issues when locale set to TR_UTF8

Version: 3.0.2-0ubuntu1.1 2022-05-04 19:06:28 UTC

  openssl (3.0.2-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: c_rehash script allows command injection
    - debian/patches/CVE-2022-1292.patch: do not use shell to invoke
      openssl in tools/c_rehash.in.
    - CVE-2022-1292
  * SECURITY UPDATE: OCSP_basic_verify may incorrectly verify the response
    signing certificate
    - debian/patches/CVE-2022-1343-1.patch: fix OCSP_basic_verify signer
      certificate validation in crypto/ocsp/ocsp_vfy.c.
    - debian/patches/CVE-2022-1343-2.patch: test ocsp with invalid
      responses in test/recipes/80-test_ocsp.t.
    - CVE-2022-1343
  * SECURITY UPDATE: incorrect MAC key used in the RC4-MD5 ciphersuite
    - debian/patches/CVE-2022-1434.patch: fix the RC4-MD5 cipher in
      providers/implementations/ciphers/cipher_rc4_hmac_md5.c,
      test/recipes/30-test_evp_data/evpciph_aes_stitched.txt,
      test/recipes/30-test_evp_data/evpciph_rc4_stitched.txt.
    - CVE-2022-1434
  * SECURITY UPDATE: resource leakage when decoding certificates and keys
    - debian/patches/CVE-2022-1473.patch: fix bug in OPENSSL_LH_flush in
      crypto/lhash/lhash.c.
    - CVE-2022-1473

 -- Marc Deslauriers <email address hidden> Tue, 03 May 2022 12:01:34 -0400

CVE-2022-1292 The c_rehash script does not properly sanitise shell metacharacters to ...
CVE-2022-1343 The function `OCSP_basic_verify` verifies the signer certificate on an ...
CVE-2022-1434 The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly ...
CVE-2022-1473 The OPENSSL_LH_flush() function, which empties a hash table, contains ...


