[Bug 1951279] [NEW] OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds
Launchpad Bug Tracker
1951279 at bugs.launchpad.net
Sat Feb 5 23:01:10 UTC 2022
You have been subscribed to a public bug by Anders Kaseorg (andersk):
Description
-----------
It seems that current Ubuntu 20.04 (Focal) distribution for
Arm64/Aarch64 raise a segmentation fault when certain validates some
certificates.
This issue affects only to Arm64/Aarch64 all the tools statically or
dynamically linked with this version of the library are affected
(Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc).
Environment and platform
------------------------
Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
Steps to reproduce
------------------
1. Run:
curl -v https://graph.facebook.com/v12.0/act_111/
or
wget https://graph.facebook.com/v12.0/act_111/
Result received
---------------
Segmentation fault (core dumped)
Notes
-----
This bug was found by the Curl users:
See: https://github.com/curl/curl/issues/8024
I believe that this bug is related to
https://ubuntu.com/security/CVE-2020-1967 that maybe used as a vector
point for code injection.
Actually there isn't any replacement for OpenSSL 1.1.1f for Focal
(Arm64), so it makes difficult to use Ubuntu 20.04 in a production
environment.
** Affects: openssl
Importance: Unknown
Status: Unknown
** Affects: openssl (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: openssl (Debian)
Importance: Unknown
Status: Unknown
--
OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds
https://bugs.launchpad.net/bugs/1951279
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list