Format: 1.8 Date: Mon, 06 Feb 2023 12:57:17 -0500 Source: openssl Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc Architecture: amd64 all amd64_translations Version: 1.1.1-1ubuntu2.1~18.04.21 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.1 - Secure Sockets Layer toolkit - shared libraries libssl1.1-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.1.1-1ubuntu2.1~18.04.21) bionic-security; urgency=medium . * SECURITY UPDATE: Timing Oracle in RSA Decryption - debian/patches/CVE-2022-4304.patch: fix timing oracle in crypto/bn/bn_blind.c, crypto/bn/bn_err.c, crypto/bn/bn_lcl.h, crypto/bn/rsa_sup_mul.c, crypto/err/openssl.txt, crypto/rsa/rsa_ossl.c, include/openssl/bnerr.h, crypto/include/internal/bn_int.h, crypto/bn/build.info. - CVE-2022-4304 * SECURITY UPDATE: Double free after calling PEM_read_bio_ex - debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c. - debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c. - CVE-2022-4450 * SECURITY UPDATE: Use-after-free following BIO_new_NDEF - debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug in BIO_new_NDEF in crypto/asn1/bio_ndef.c. - debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO setup with -stream is handled correctly in test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem. - CVE-2023-0215 * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h, test/v3nametest.c. - CVE-2023-0286 Checksums-Sha1: af2df37e92714a21ff8286a2b59af91310bb0e68 1075856 libcrypto1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_amd64.udeb 4c3ea000a8560ea280fb69544b7722cde8bd350a 1569292 libssl-dev_1.1.1-1ubuntu2.1~18.04.21_amd64.deb 2e620f84fe8ed446cb959477415c874f64b432ed 1487704 libssl-doc_1.1.1-1ubuntu2.1~18.04.21_all.deb 52290044bfb3eff261c9f9aed2c43c0441fd1c07 3398548 libssl1.1-dbgsym_1.1.1-1ubuntu2.1~18.04.21_amd64.ddeb 15c262c8c9265c92285f0916f743b0c303369d48 191596 libssl1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_amd64.udeb 4ba13d6b9ba75fe68165df324faeff118328db9c 1303828 libssl1.1_1.1.1-1ubuntu2.1~18.04.21_amd64.deb c0db81bcbe68440eab8e7ed26680e30b38a31c9b 549784 openssl-dbgsym_1.1.1-1ubuntu2.1~18.04.21_amd64.ddeb 7eda29a8f806bc92eae0990326ed0d79e3ed3a2e 7970 openssl_1.1.1-1ubuntu2.1~18.04.21_amd64.buildinfo cd44e70cda55f15acb11b073e576ad3fa59d26c2 614016 openssl_1.1.1-1ubuntu2.1~18.04.21_amd64.deb d31e9849e3253221195eba98d8a2a4ea4c6e7819 26559 openssl_1.1.1-1ubuntu2.1~18.04.21_amd64_translations.tar.gz Checksums-Sha256: a87d914dad672f8b208d16f43e85e989f9c2e79b23540ef9d797e213c83543a3 1075856 libcrypto1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_amd64.udeb 29f86d3aa349546824bbe8149f8e1573ca7e353ba9c9eb5f2c454bc6cfe01fc4 1569292 libssl-dev_1.1.1-1ubuntu2.1~18.04.21_amd64.deb 42e1e9719425ed839c6e96385eae748617ff93caa8684627bc1a34eb1d108803 1487704 libssl-doc_1.1.1-1ubuntu2.1~18.04.21_all.deb 75fff85cbdfc6d69ffc665fea118e20febeb50f45854db8a25dec867c4c7b254 3398548 libssl1.1-dbgsym_1.1.1-1ubuntu2.1~18.04.21_amd64.ddeb 0fe42a658c513b314f4b8dd28373a9ff393e24627c49446bdfd2fb85aa40e653 191596 libssl1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_amd64.udeb c620ea3621abd44f7b45d71a5f1d5765dccda21470dca2769040f4edacfefff8 1303828 libssl1.1_1.1.1-1ubuntu2.1~18.04.21_amd64.deb ac38f9700bc038542b891f7ad8a593bc42d15a88571ba71e3489ccd879d4169c 549784 openssl-dbgsym_1.1.1-1ubuntu2.1~18.04.21_amd64.ddeb 24210ad2a1377b482c30e817a5f55a67799aa616d06d6bc8d3c798d1880f5e2a 7970 openssl_1.1.1-1ubuntu2.1~18.04.21_amd64.buildinfo b4e866deb70fbcd8f411ed4e18c007207c3155b28dd4ff1ff6b4c45df8af07e0 614016 openssl_1.1.1-1ubuntu2.1~18.04.21_amd64.deb 019461cdd66b44dbbd8f661914742f694cbff1a25951300d3e4841affdcbb2e9 26559 openssl_1.1.1-1ubuntu2.1~18.04.21_amd64_translations.tar.gz Files: c5501e0a23efb2b11bba14674b6bf6d0 1075856 debian-installer optional libcrypto1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_amd64.udeb 5031aa9dd19b338cf3a22d74811eea30 1569292 libdevel optional libssl-dev_1.1.1-1ubuntu2.1~18.04.21_amd64.deb 181cb287f1fc11ed005afa51c2ff5df3 1487704 doc optional libssl-doc_1.1.1-1ubuntu2.1~18.04.21_all.deb 782658b40842dc381fb2753b276aef2c 3398548 debug optional libssl1.1-dbgsym_1.1.1-1ubuntu2.1~18.04.21_amd64.ddeb 31c3e5ab7730e25d997b5e492c537939 191596 debian-installer optional libssl1.1-udeb_1.1.1-1ubuntu2.1~18.04.21_amd64.udeb dfe36215a10eb821b13d0bd9e10adb8c 1303828 libs optional libssl1.1_1.1.1-1ubuntu2.1~18.04.21_amd64.deb 6f083090ca7158e0b9de5c853fd085fd 549784 debug optional openssl-dbgsym_1.1.1-1ubuntu2.1~18.04.21_amd64.ddeb c7311734fa91b32bbcbe18bb66686414 7970 utils optional openssl_1.1.1-1ubuntu2.1~18.04.21_amd64.buildinfo f6b7cdcbe0301313e3566327a4955046 614016 utils optional openssl_1.1.1-1ubuntu2.1~18.04.21_amd64.deb 1ea6d506976677480035593b80adbbe3 26559 raw-translations - openssl_1.1.1-1ubuntu2.1~18.04.21_amd64_translations.tar.gz Original-Maintainer: Debian OpenSSL Team