[ubuntu/bionic-security] openssl 1.1.1-1ubuntu2.1~18.04.22 (Accepted)

Camila Camargo de Matos camila.camargodematos at canonical.com
Tue Apr 25 10:56:00 UTC 2023


openssl (1.1.1-1ubuntu2.1~18.04.22) bionic-security; urgency=medium

  * SECURITY UPDATE: excessive resource use when verifying policy constraints
    - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
      in a policy tree (the default limit is set to 1000 nodes).
    - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
      resource overuse.
    - debian/patches/CVE-2023-0464-3.patch: disable the policy tree
      exponential growth test conditionally.
    - CVE-2023-0464
  * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
    - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
      is checked even in leaf certs. 
    - debian/patches/CVE-2023-0465-2.patch: generate some certificates with
      the certificatePolicies extension.
    - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
    - CVE-2023-0466
  * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
    not enabled as documented
    - debian/patches/CVE-2023-0466.patch: fix documentation of
      X509_VERIFY_PARAM_add0_policy().
    - CVE-2023-0466

Date: 2023-04-18 19:34:09.555984+00:00
Changed-By: Camila Camargo de Matos <camila.camargodematos at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.22
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list