openssl (3.0.2-0ubuntu1.19) jammy-security; urgency=medium
* SECURITY UPDATE: Low-level invalid GF(2^m) parameters lead to OOB
memory access
- debian/patches/CVE-2024-9143.patch: harden BN_GF2m_poly2arr against
misuse in crypto/bn/bn_gf2m.c, test/ec_internal_test.c.
- CVE-2024-9143
* SECURITY UPDATE: A timing side-channel which could potentially allow
recovering the private key exists in the ECDSA signature computation
- debian/patches/CVE-2024-13176.patch: Fix timing side-channel in
ECDSA signature computation in crypto/bn/bn_exp.c,
crypto/ec/ec_lib.c, include/crypto/bn.h.
- CVE-2024-13176
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 05 Feb 2025 08:19:41 -0500
openssl (3.0.2-0ubuntu1.18) jammy-security; urgency=medium
* SECURITY UPDATE: Possible denial of service in X.509 name checks
- debian/patches/CVE-2024-6119.patch: avoid type errors in EAI-related
name check logic in crypto/x509/v3_utl.c, test/*.
- CVE-2024-6119
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 20 Aug 2024 13:27:32 -0400
openssl (3.0.2-0ubuntu1.17) jammy-security; urgency=medium
* SECURITY UPDATE: unbounded mem growth when processing TLSv1.3 sessions
- debian/patches/CVE-2024-2511.patch: fix unconstrained session cache
growth in TLSv1.3 in ssl/ssl_lib.c, ssl/ssl_sess.c,
ssl/statem/statem_srvr.c.
- CVE-2024-2511
* SECURITY UPDATE: checking excessively long DSA keys or params very slow
- debian/patches/CVE-2024-4603.patch: check DSA parameters for
excessive sizes before validating in crypto/dsa/dsa_check.c,
test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem.
- CVE-2024-4603
* SECURITY UPDATE: use after free with SSL_free_buffers
- debian/patches/CVE-2024-4741.patch: only free the read buffers if
we're not using them in ssl/record/rec_layer_s3.c,
ssl/record/record.h, ssl/ssl_lib.c.
- CVE-2024-4741
* SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
- debian/patches/CVE-2024-5535.patch: validate provided client list in
ssl/ssl_lib.c.
- CVE-2024-5535
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 30 Jul 2024 11:18:05 -0400
openssl (3.0.2-0ubuntu1.16) jammy-security; urgency=medium
* SECURITY UPDATE: Excessive time spent in DH modular-exponentiation
calcuations when using long exponents.
- debian/patches/CVE-2022-40735-1.patch: Use the minimum key length
for known safe primes as per RFC 7919 in crypto/dh/dh_group_params.c,
crypto/ffc/ffc_backend.c, crypto/ffc/ffc_dh.c,
crypto/ffc/ffc_key_generate.c, include/internal/ffc.h and
test/ffc_internal_test.c
- debian/patches/CVE-2022-40735-2.patch: print DH key length in
providers/implementations/encode_decode/encode_key2text.c,
test/recipes/30-test_evp_pkey_provided/DH.priv.txt and
test/recipes/30-test_evp_pkey_provided/DH.pub.txt
- debian/patches/CVE-2022-40735-3.patch: test that short private keys
are generated when using a known safe DH prime in
test/evp_extra_test2.c
- debian/patches/CVE-2022-40735-4.patch: copy keylength when copying
FFC parameters in crypto/ffc/ffc_params.c and test/ffc_internal_test.c
- CVE-2022-40735
-- Alex Murray <alex.murray@canonical.com> Wed, 05 Jun 2024 12:58:14 +0930
openssl (3.0.2-0ubuntu1.15) jammy-security; urgency=medium
* SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
- debian/patches/openssl-pkcs1-implicit-rejection.patch:
Return deterministic random output instead of an error in case
there is a padding error in crypto/cms/cms_env.c,
crypto/evp/ctrl_params_translate.c, crypto/pkcs7/pk7_doit.c,
crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c,
crypto/rsa/rsa_pmeth.c, doc/man1/openssl-pkeyutl.pod.in,
doc/man1/openssl-rsautl.pod.in, doc/man3/EVP_PKEY_CTX_ctrl.pod,
doc/man3/EVP_PKEY_decrypt.pod,
doc/man3/RSA_padding_add_PKCS1_type_1.pod,
doc/man3/RSA_public_encrypt.pod, doc/man7/provider-asym_cipher.pod,
include/crypto/rsa.h, include/openssl/core_names.h,
include/openssl/rsa.h,
providers/implementations/asymciphers/rsa_enc.c and
test/recipes/30-test_evp_data/evppkey_rsa_common.txt.
-- David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com> Fri, 16 Feb 2024 09:51:30 +0100
openssl (3.0.2-0ubuntu1.14) jammy-security; urgency=medium
* SECURITY UPDATE: Excessive time spent in DH check / generation with
large Q parameter value
- debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
DH_generate_key() safer yet in crypto/dh/dh_check.c,
crypto/dh/dh_err.c, crypto/dh/dh_key.c, crypto/err/openssl.txt,
include/crypto/dherr.h, include/openssl/dh.h,
include/openssl/dherr.h.
- CVE-2023-5678
* SECURITY UPDATE: POLY1305 MAC implementation corrupts vector registers
on PowerPC
- debian/patches/CVE-2023-6129.patch: fix vector register clobbering in
crypto/poly1305/asm/poly1305-ppc.pl.
- CVE-2023-6129
* SECURITY UPDATE: Excessive time spent checking invalid RSA public keys
- debian/patches/CVE-2023-6237.patch: limit the execution time of RSA
public key check in crypto/rsa/rsa_sp800_56b_check.c,
test/recipes/91-test_pkey_check.t,
test/recipes/91-test_pkey_check_data/rsapub_17k.pem.
- CVE-2023-6237
* SECURITY UPDATE: PKCS12 Decoding crashes
- debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
data can be NULL in crypto/pkcs12/p12_add.c,
crypto/pkcs12/p12_mutl.c, crypto/pkcs12/p12_npas.c,
crypto/pkcs7/pk7_mime.c.
- CVE-2024-0727
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 31 Jan 2024 13:43:23 -0500
openssl (3.0.2-0ubuntu1.13) jammy; urgency=medium
* Fix (upstream): crash when using an engine for ciphers used by DRBG
(LP: #2023545)
- lp2023545/0001-Release-the-drbg-in-the-global-default-context-befor.patch
* Fix (upstream): do not ignore return values for S/MIME signature
(LP: #1994165)
- lp1994165/0001-REGRESSION-CMS_final-do-not-ignore-CMS_dataFinal-res.patch
* Perf (upstream): don't empty method stores and provider synchronization
records when flushing the query cache (LP: #2033422)
- lp2033422/0001-Drop-ossl_provider_clear_all_operation_bits-and-all-.patch
- lp2033422/0002-Refactor-method-construction-pre-and-post-condition.patch
- lp2033422/0003-Don-t-empty-the-method-store-when-flushing-the-query.patch
- lp2033422/0004-Make-it-possible-to-remove-methods-by-the-provider-t.patch
- lp2033422/0005-Complete-the-cleanup-of-an-algorithm-in-OSSL_METHOD_.patch
- lp2033422/0006-For-child-libctx-provider-don-t-count-self-reference.patch
- lp2033422/0007-Add-method-store-cache-flush-and-method-removal-to-n.patch
-- Adrien Nader <adrien.nader@canonical.com> Tue, 09 Jan 2024 11:42:50 +0100
openssl (3.0.2-0ubuntu1.12) jammy-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: AES-SIV implementation ignores empty associated data
entries
- debian/patches/CVE-2023-2975.patch: do not ignore empty associated
data with AES-SIV mode in
providers/implementations/ciphers/cipher_aes_siv.c.
- CVE-2023-2975
* SECURITY UPDATE: Incorrect cipher key and IV length processing
- debian/patches/CVE-2023-5363-1.patch: process key length and iv
length early if present in crypto/evp/evp_enc.c.
- debian/patches/CVE-2023-5363-2.patch: add unit test in
test/evp_extra_test.c.
- CVE-2023-5363
[ Ian Constantin ]
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-3446.patch: adds check to prevent the testing of
an excessively large modulus in DH_check().
- CVE-2023-3446
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-3817.patch: adds check to prevent the testing of
invalid q values in DH_check().
- CVE-2023-3817
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 13 Oct 2023 08:02:49 -0400
openssl (3.0.2-0ubuntu1.10) jammy-security; urgency=medium
* SECURITY UPDATE: DoS in AES-XTS cipher decryption
- debian/patches/CVE-2023-1255.patch: avoid buffer overrread in
crypto/aes/asm/aesv8-armx.pl.
- CVE-2023-1255
* SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
- debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
IDENTIFIERs that OBJ_obj2txt will translate in
crypto/objects/obj_dat.c.
- CVE-2023-2650
* Replace CVE-2022-4304 fix with improved version
- debian/patches/CVE-2022-4304.patch: use alternative fix in
crypto/bn/bn_asm.c, crypto/bn/bn_blind.c, crypto/bn/bn_lib.c,
crypto/bn/bn_local.h, crypto/rsa/rsa_ossl.c.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 May 2023 13:12:55 -0400
openssl (3.0.2-0ubuntu1.9) jammy-security; urgency=medium
* SECURITY UPDATE: double locking when processing X.509 certificate policy
constraints
- debian/patches/CVE-2022-3996-1.patch: revert commit 9aa4be69 and remove
redundant flag setting.
- debian/patches/CVE-2022-3996-2.patch: add test case for reported
deadlock.
- CVE-2022-3996
* SECURITY UPDATE: excessive resource use when verifying policy constraints
- debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
in a policy tree (the default limit is set to 1000 nodes).
- debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
resource overuse.
- debian/patches/CVE-2023-0464-3.patch: disable the policy tree
exponential growth test conditionally.
- CVE-2023-0464
* SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
- debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
is checked even in leaf certs.
- debian/patches/CVE-2023-0465-2.patch: generate some certificates with
the certificatePolicies extension.
- debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
- CVE-2023-0466
* SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
not enabled as documented
- debian/patches/CVE-2023-0466.patch: fix documentation of
X509_VERIFY_PARAM_add0_policy().
- CVE-2023-0466
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Mon, 17 Apr 2023 15:12:58 -0300
# For older changelog entries, run 'apt-get changelog libssl3'
Generated by dwww version 1.14 on Tue Aug 26 19:37:20 CEST 2025.