[Bug 1999139] Re: Outdate version check for restart in libssl3.postinst
Launchpad Bug Tracker
1999139 at bugs.launchpad.net
Mon Jan 23 13:47:30 UTC 2023
This bug was fixed in the package openssl - 3.0.7-1ubuntu1
---------------
openssl (3.0.7-1ubuntu1) lunar; urgency=medium
* Merge 3.0.7 from Debian unstable (LP: #1998942)
- Drop patches merged upstream:
+ CVE-2022-3358.patch
+ CVE-2022-3602-1.patch
+ CVE-2022-3602-2.patch
- Shrink patch since upstream fixed some tests in the patch above:
+ tests-use-seclevel-1.patch
- Drop patch since -DOPENSSL_TLS_SECURITY_LEVEL=2 is now hard-coded:
+ Set-systemwide-default-settings-for-libssl-users.patch
- Drop Debian patch not needed anymore:
+ TEST-Provide-a-default-openssl.cnf-for-tests.patch
- Mention Debian as defaulting to SECLEVEL=2 in addition to Ubuntu:
+ tls1.2-min-seclevel2.patch
- Remaining changes:
+ Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to
openssl
+ d/libssl3.postinst: Revert Debian deletion
- Skip services restart & reboot notification if needrestart is in-use.
- Bump version check to 1.1.1 (bug opened as LP: #1999139)
- Use a different priority for libssl1.1/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- Import libraries/restart-without-asking template as used by above.
+ Add support for building with noudeb build profile.
+ Use perl:native in the autopkgtest for installability on i386.
* Correct comment as to which TLS version is disabled with our seclevel:
- skip_tls1.1_seclevel3_tests.patch
[Sebastian Andrzej Siewior]
* CVE-2022-3996 (X.509 Policy Constraints Double Locking).
openssl (3.0.7-1) unstable; urgency=medium
* Import 3.0.7
- Using a Custom Cipher with NID_undef may lead to NULL encryption
(CVE-2022-3358) (Closes: #1021620).
- X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602).
- X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786).
* Disable rdrand engine (the opcode on x86).
* Remove config bits for MIPS R6, the generic MIPS config can be used.
openssl (3.0.5-4) unstable; urgency=medium
* Add ssl_conf() serialisation (Closes: #1020308).
openssl (3.0.5-3) unstable; urgency=medium
* Add cert.pem symlink pointing to ca-certificates' ca-certificates.crt
(Closes: #805646).
* Compile with OPENSSL_TLS_SECURITY_LEVEL=2 (Closes: #918727).
-- Adrien Nader <adrien.nader at canonical.com> Tue, 06 Dec 2022 15:11:40
+0100
** Changed in: openssl (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3358
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3602
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3786
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-3996
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1999139
Title:
Outdate version check for restart in libssl3.postinst
Status in openssl package in Ubuntu:
Fix Released
Bug description:
Our version of libssl3.postinst compares the installed version to
"1.1.1-1ubuntu2.1~18.04.2" (moreover the test is done twice) which is
unlikely to be what we want nowadays.
The version needs to be updated and since we have been carrying this
as a delta from Debian, it would be a good idea to ensure the
behaviour still matches what we currently want.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1999139/+subscriptions
More information about the foundations-bugs
mailing list