[Bug 1951279] Re: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds
Mauricio Faria de Oliveira
1951279 at bugs.launchpad.net
Fri Aug 5 14:19:01 UTC 2022
Update: this has been fixed in Focal (same fix commit):

openssl (1.1.1f-1ubuntu2.11) focal; urgency=medium

  * Fixup pointer authentication for armv8 systems that support it when
    using the poly1305 MAC, preventing segmentation faults. (LP: #1960863)
    - d/p/lp-1960863-crypto-poly1305-asm-fix-armv8-pointer-authenticat.patch

 -- Matthew Ruffell <matthew.ruffell at canonical.com>  Tue, 15 Feb 2022 10:10:01 +1300

** Changed in: openssl (Ubuntu Focal)
       Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1951279
Title:
OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds
Status in OpenSSL:
Fix Released
Status in openssl package in Ubuntu:
Fix Released
Status in openssl source package in Focal:
Fix Released
Status in openssl package in Debian:
Fix Released
Bug description:
Description
-----------
It seems that the current Ubuntu 20.04 (Focal) distribution for
Arm64/Aarch64 raises a segmentation fault when validating some
certificates.
This issue affects only Arm64/Aarch64; all the tools statically or
dynamically linked with this version of the library are affected
(Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc).
Environment and platform
------------------------
Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
Steps to reproduce
------------------
1. Run:
   curl -v https://graph.facebook.com/v12.0/act_111/
   or
   wget https://graph.facebook.com/v12.0/act_111/
Result received
---------------
Segmentation fault (core dumped)
Notes
-----
This bug was found by the Curl users:
See: https://github.com/curl/curl/issues/8024
I believe that this bug is related to
https://ubuntu.com/security/CVE-2020-1967 that may be used as a vector
point for code injection.
Actually there isn't any replacement for OpenSSL 1.1.1f for Focal
(Arm64), so it makes it difficult to use Ubuntu 20.04 in a production
environment.