[ubuntu/focal-security] openssl 1.1.1f-1ubuntu2.12 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Mar 15 16:38:31 UTC 2022

openssl (1.1.1f-1ubuntu2.12) focal-security; urgency=medium

  * SECURITY UPDATE: Infinite loop in BN_mod_sqrt()
    - debian/patches/CVE-2022-0778-1.patch: fix infinite loop in
    - debian/patches/CVE-2022-0778-2.patch: add documentation of
      BN_mod_sqrt() in doc/man3/BN_add.pod.
    - debian/patches/CVE-2022-0778-3.patch: add a negative testcase for
      BN_mod_sqrt in test/bntest.c, test/recipes/10-test_bn_data/bnmod.txt.
    - CVE-2022-0778

openssl (1.1.1f-1ubuntu2.11) focal; urgency=medium

  * Fixup pointer authentication for armv8 systems that support it when
    using the poly1305 MAC, preventing segmentation faults. (LP: #1960863)
    - d/p/lp-1960863-crypto-poly1305-asm-fix-armv8-pointer-authenticat.patch

openssl (1.1.1f-1ubuntu2.10) focal; urgency=medium

  * Cherry-pick upstream fixes to prevent double engine loading (LP: #1951943)

openssl (1.1.1f-1ubuntu2.9) focal; urgency=medium

  * Cherry-pick stable patches to fix potential use-after-free. LP:

Date: 2022-03-09 14:32:10.451192+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list