[Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
David Fernandez Gonzalez
2054090 at bugs.launchpad.net
Thu Feb 22 15:31:46 UTC 2024
** Changed in: openssl (Ubuntu Bionic)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
** Changed in: openssl (Ubuntu Focal)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
** Changed in: openssl (Ubuntu Jammy)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
** Changed in: openssl (Ubuntu Mantic)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
** Changed in: openssl (Ubuntu Noble)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
** Changed in: openssl (Ubuntu Xenial)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
** Changed in: openssl (Ubuntu Trusty)
Assignee: (unassigned) => David Fernandez Gonzalez (litios)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2054090
Title:
Implicit rejection of PKCS#1 v1.5 RSA
Status in openssl package in Ubuntu:
New
Status in openssl source package in Trusty:
New
Status in openssl source package in Xenial:
New
Status in openssl source package in Bionic:
New
Status in openssl source package in Focal:
New
Status in openssl source package in Jammy:
New
Status in openssl source package in Mantic:
New
Status in openssl source package in Noble:
New
Bug description:
OpenSSL 3.2.0 introduced a change on PKCS#1 v1.5 RSA to return random
output instead of an exception when detecting wrong padding
(https://github.com/openssl/openssl/pull/13817).
There are available backports already:
* 3.0 https://gitlab.com/redhat/centos-
stream/rpms/openssl/-/blob/c9s/0120-RSA-PKCS15-implicit-
rejection.patch?ref_type=heads
* 1.1.1 https://gitlab.com/redhat/centos-
stream/rpms/openssl/-/blob/c8s/openssl-1.1.1-pkcs1-implicit-
rejection.patch?ref_type=heads
This change is needed to fix CVE-2023-50782.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2054090/+subscriptions
More information about the foundations-bugs
mailing list