[Bug 1951279] Re: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds
Bug Watch Updater
1951279 at bugs.launchpad.net
Sun Feb 6 03:11:44 UTC 2022
** Changed in: openssl (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1951279
Title:
OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds
Status in OpenSSL:
Fix Released
Status in openssl package in Ubuntu:
Confirmed
Status in openssl package in Debian:
New
Bug description:
Description
-----------
It seems that current Ubuntu 20.04 (Focal) distribution for
Arm64/Aarch64 raise a segmentation fault when certain validates some
certificates.
This issue affects only to Arm64/Aarch64 all the tools statically or
dynamically linked with this version of the library are affected
(Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc).
Environment and platform
------------------------
Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
Steps to reproduce
------------------
1. Run:
curl -v https://graph.facebook.com/v12.0/act_111/
or
wget https://graph.facebook.com/v12.0/act_111/
Result received
---------------
Segmentation fault (core dumped)
Notes
-----
This bug was found by the Curl users:
See: https://github.com/curl/curl/issues/8024
I believe that this bug is related to
https://ubuntu.com/security/CVE-2020-1967 that maybe used as a vector
point for code injection.
Actually there isn't any replacement for OpenSSL 1.1.1f for Focal
(Arm64), so it makes difficult to use Ubuntu 20.04 in a production
environment.
To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/1951279/+subscriptions
More information about the Ubuntu-sponsors
mailing list