[ubuntu/focal-security] openssl 1.1.1f-1ubuntu2.23 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jul 31 15:32:15 UTC 2024
openssl (1.1.1f-1ubuntu2.23) focal-security; urgency=medium
* SECURITY UPDATE: unbounded mem growth when processing TLSv1.3 sessions
- debian/patches/CVE-2024-2511.patch: fix unconstrained session cache
growth in TLSv1.3 in ssl/ssl_lib.c, ssl/ssl_sess.c,
ssl/statem/statem_srvr.c.
- CVE-2024-2511
* SECURITY UPDATE: use after free with SSL_free_buffers
- debian/patches/CVE-2024-4741.patch: only free the read buffers if
we're not using them in ssl/record/rec_layer_s3.c,
ssl/record/record.h, ssl/ssl_lib.c.
- CVE-2024-4741
* SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
- debian/patches/CVE-2024-5535.patch: validate provided client list in
ssl/ssl_lib.c.
- CVE-2024-5535
Date: 2024-07-30 18:27:09.911890+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.23
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list