Format: 1.8
Date: Mon, 06 Feb 2023 12:57:17 -0500
Source: openssl
Binary: libssl-dev libssl-doc libssl3 openssl
Built-For-Profiles: noudeb
Architecture: amd64 all amd64_translations
Version: 3.0.2-0ubuntu1.8
Distribution: jammy
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl3 - Secure Sockets Layer toolkit - shared libraries
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (3.0.2-0ubuntu1.8) jammy-security; urgency=medium
 .
   * SECURITY UPDATE: X.509 Name Constraints Read Buffer Overflow
     - debian/patches/CVE-2022-4203-1.patch: fix type confusion in
       nc_match_single() in crypto/x509/v3_ncons.c.
     - debian/patches/CVE-2022-4203-2.patch: add testcase for
       nc_match_single type confusion in test/*.
     - CVE-2022-4203
   * SECURITY UPDATE: Timing Oracle in RSA Decryption
     - debian/patches/CVE-2022-4304.patch: fix timing oracle in
       crypto/bn/bn_blind.c, crypto/bn/bn_local.h, crypto/bn/build.info,
       crypto/bn/rsa_sup_mul.c, crypto/rsa/rsa_ossl.c, include/crypto/bn.h.
     - CVE-2022-4304
   * SECURITY UPDATE: Double free after calling PEM_read_bio_ex
     - debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header
       and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c.
     - debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c.
     - CVE-2022-4450
   * SECURITY UPDATE: Use-after-free following BIO_new_NDEF
     - debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug
       in BIO_new_NDEF in crypto/asn1/bio_ndef.c.
     - debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO
       setup with -stream is handled correctly in
       test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem.
     - CVE-2023-0215
   * SECURITY UPDATE: Invalid pointer dereference in d2i_PKCS7 functions
     - debian/patches/CVE-2023-0216-1.patch: do not dereference PKCS7 object
       data if not set in crypto/pkcs7/pk7_lib.c.
     - debian/patches/CVE-2023-0216-2.patch: add test for d2i_PKCS7 NULL
       dereference in test/recipes/25-test_pkcs7.t,
       test/recipes/25-test_pkcs7_data/malformed.pkcs7.
     - CVE-2023-0216
   * SECURITY UPDATE: NULL dereference validating DSA public key
     - debian/patches/CVE-2023-0217-1.patch: fix NULL dereference when
       validating FFC public key in crypto/ffc/ffc_key_validate.c,
       include/internal/ffc.h, test/ffc_internal_test.c.
     - debian/patches/CVE-2023-0217-2.patch: prevent creating DSA and DH
       keys without parameters through import in
       providers/implementations/keymgmt/dh_kmgmt.c,
       providers/implementations/keymgmt/dsa_kmgmt.c.
     - debian/patches/CVE-2023-0217-3.patch: do not create DSA keys without
       parameters by decoder in crypto/x509/x_pubkey.c,
       include/crypto/x509.h,
       providers/implementations/encode_decode/decode_der2key.c.
     - CVE-2023-0217
   * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName
     - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for
       x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h.in,
       test/v3nametest.c.
     - CVE-2023-0286
   * SECURITY UPDATE: NULL dereference during PKCS7 data verification
     - debian/patches/CVE-2023-0401-1.patch: check return of BIO_set_md()
       calls in crypto/pkcs7/pk7_doit.c.
     - debian/patches/CVE-2023-0401-2.patch: add testcase for missing return
       check of BIO_set_md() calls in test/recipes/80-test_cms.t,
       test/recipes/80-test_cms_data/pkcs7-md4.pem.
     - CVE-2023-0401
Original-Maintainer: Debian OpenSSL Team