Package "openssl"
| Name: |
openssl
|
Description: |
Secure Sockets Layer toolkit - cryptographic utility
|
| Latest version: |
3.0.8-1ubuntu1.4 |
| Release: |
lunar (23.04) |
| Level: |
updates |
| Repository: |
main |
| Homepage: |
https://www.openssl.org/ |
Links
Download "openssl"
Other versions of "openssl" in Lunar
Packages in group
Deleted packages are displayed in grey.
Changelog
|
openssl (3.0.8-1ubuntu1.4) lunar-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: AES-SIV implementation ignores empty associated data
entries
- debian/patches/CVE-2023-2975.patch: do not ignore empty associated
data with AES-SIV mode in
providers/implementations/ciphers/cipher_aes_siv.c.
- CVE-2023-2975
* SECURITY UPDATE: Incorrect cipher key and IV length processing
- debian/patches/CVE-2023-5363-1.patch: process key length and iv
length early if present in crypto/evp/evp_enc.c.
- debian/patches/CVE-2023-5363-2.patch: add unit test in
test/evp_extra_test.c.
- CVE-2023-5363
[ Ian Constantin ]
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-3446.patch: adds check to prevent the testing of
an excessively large modulus in DH_check().
- CVE-2023-3446
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-3817.patch: adds check to prevent the testing of
invalid q values in DH_check().
- CVE-2023-3817
-- Marc Deslauriers <email address hidden> Fri, 13 Oct 2023 08:02:49 -0400
|
| Source diff to previous version |
|
|
|
openssl (3.0.8-1ubuntu1.2) lunar-security; urgency=medium
* SECURITY UPDATE: DoS in AES-XTS cipher decryption
- debian/patches/CVE-2023-1255.patch: avoid buffer overrread in
crypto/aes/asm/aesv8-armx.pl.
- CVE-2023-1255
* SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
- debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
IDENTIFIERs that OBJ_obj2txt will translate in
crypto/objects/obj_dat.c.
- CVE-2023-2650
* Replace CVE-2022-4304 fix with improved version
- debian/patches/revert-CVE-2022-4304.patch: remove previous fix.
- debian/patches/CVE-2022-4304.patch: use alternative fix in
crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.
-- Marc Deslauriers <email address hidden> Wed, 24 May 2023 13:04:49 -0400
|
| Source diff to previous version |
|
|
|
openssl (3.0.8-1ubuntu1.1) lunar-security; urgency=medium
* SECURITY UPDATE: excessive resource use when verifying policy constraints
- debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
in a policy tree (the default limit is set to 1000 nodes).
- debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
resource overuse.
- debian/patches/CVE-2023-0464-3.patch: disable the policy tree
exponential growth test conditionally.
- CVE-2023-0464
* SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
- debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
is checked even in leaf certs.
- debian/patches/CVE-2023-0465-2.patch: generate some certificates with
the certificatePolicies extension.
- debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
- CVE-2023-0466
* SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
not enabled as documented
- debian/patches/CVE-2023-0466.patch: fix documentation of
X509_VERIFY_PARAM_add0_policy().
- CVE-2023-0466
-- Camila Camargo de Matos <email address hidden> Mon, 24 Apr 2023 07:52:33 -0300
|
| CVE-2023-0464 |
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that includ |
|
About
-
Send Feedback to @ubuntu_updates
