[ubuntu/jammy-security] openssl 3.0.2-0ubuntu1.14 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Feb 5 10:40:56 UTC 2024


openssl (3.0.2-0ubuntu1.14) jammy-security; urgency=medium

  * SECURITY UPDATE: Excessive time spent in DH check / generation with
    large Q parameter value
    - debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
      DH_generate_key() safer yet in crypto/dh/dh_check.c,
      crypto/dh/dh_err.c, crypto/dh/dh_key.c, crypto/err/openssl.txt,
      include/crypto/dherr.h, include/openssl/dh.h,
      include/openssl/dherr.h.
    - CVE-2023-5678
  * SECURITY UPDATE: POLY1305 MAC implementation corrupts vector registers
    on PowerPC
    - debian/patches/CVE-2023-6129.patch: fix vector register clobbering in
      crypto/poly1305/asm/poly1305-ppc.pl.
    - CVE-2023-6129
  * SECURITY UPDATE: Excessive time spent checking invalid RSA public keys
    - debian/patches/CVE-2023-6237.patch: limit the execution time of RSA
      public key check in crypto/rsa/rsa_sp800_56b_check.c,
      test/recipes/91-test_pkey_check.t,
      test/recipes/91-test_pkey_check_data/rsapub_17k.pem.
    - CVE-2023-6237
  * SECURITY UPDATE: PKCS12 Decoding crashes
    - debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
      data can be NULL in crypto/pkcs12/p12_add.c,
      crypto/pkcs12/p12_mutl.c, crypto/pkcs12/p12_npas.c,
      crypto/pkcs7/pk7_mime.c.
    - CVE-2024-0727

openssl (3.0.2-0ubuntu1.13) jammy; urgency=medium

  * Fix (upstream): crash when using an engine for ciphers used by DRBG
    (LP: #2023545)
    - lp2023545/0001-Release-the-drbg-in-the-global-default-context-befor.patch
  * Fix (upstream): do not ignore return values for S/MIME signature
    (LP: #1994165)
    - lp1994165/0001-REGRESSION-CMS_final-do-not-ignore-CMS_dataFinal-res.patch
  * Perf (upstream): don't empty method stores and provider synchronization
    records when flushing the query cache (LP: #2033422)
    - lp2033422/0001-Drop-ossl_provider_clear_all_operation_bits-and-all-.patch
    - lp2033422/0002-Refactor-method-construction-pre-and-post-condition.patch
    - lp2033422/0003-Don-t-empty-the-method-store-when-flushing-the-query.patch
    - lp2033422/0004-Make-it-possible-to-remove-methods-by-the-provider-t.patch
    - lp2033422/0005-Complete-the-cleanup-of-an-algorithm-in-OSSL_METHOD_.patch
    - lp2033422/0006-For-child-libctx-provider-don-t-count-self-reference.patch
    - lp2033422/0007-Add-method-store-cache-flush-and-method-removal-to-n.patch

Date: 2024-02-01 12:35:13.610363+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.14