[ubuntu/jammy-security] openssl 3.0.2-0ubuntu1.16 (Accepted)

Alex Murray alex.murray at canonical.com
Thu Jun 27 00:58:29 UTC 2024


openssl (3.0.2-0ubuntu1.16) jammy-security; urgency=medium

  * SECURITY UPDATE: Excessive time spent in DH modular-exponentiation
    calculations when using long exponents.
    - debian/patches/CVE-2022-40735-1.patch: Use the minimum key length
      for known safe primes as per RFC 7919 in crypto/dh/dh_group_params.c,
      crypto/ffc/ffc_backend.c, crypto/ffc/ffc_dh.c,
      crypto/ffc/ffc_key_generate.c, include/internal/ffc.h and
      test/ffc_internal_test.c
    - debian/patches/CVE-2022-40735-2.patch: print DH key length in
      providers/implementations/encode_decode/encode_key2text.c,
      test/recipes/30-test_evp_pkey_provided/DH.priv.txt and
      test/recipes/30-test_evp_pkey_provided/DH.pub.txt
    - debian/patches/CVE-2022-40735-3.patch: test that short private keys
      are generated when using a known safe DH prime in
      test/evp_extra_test2.c
    - debian/patches/CVE-2022-40735-4.patch: copy keylength when copying
      FFC parameters in crypto/ffc/ffc_params.c and test/ffc_internal_test.c
    - CVE-2022-40735

Date: 2024-06-05 23:12:09.683333+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.16