openssl 1.1.1-1ubuntu2.1~18.04.21 source package in Ubuntu
Changelog
openssl (1.1.1-1ubuntu2.1~18.04.21) bionic-security; urgency=medium
* SECURITY UPDATE: Timing Oracle in RSA Decryption
- debian/patches/CVE-2022-4304.patch: fix timing oracle in
crypto/bn/bn_blind.c, crypto/bn/bn_err.c, crypto/bn/bn_lcl.h,
crypto/bn/rsa_sup_mul.c, crypto/err/openssl.txt,
crypto/rsa/rsa_ossl.c, include/openssl/bnerr.h,
crypto/include/internal/bn_int.h, crypto/bn/build.info.
- CVE-2022-4304
* SECURITY UPDATE: Double free after calling PEM_read_bio_ex
- debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header
and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c.
- debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c.
- CVE-2022-4450
* SECURITY UPDATE: Use-after-free following BIO_new_NDEF
- debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug
in BIO_new_NDEF in crypto/asn1/bio_ndef.c.
- debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO
setup with -stream is handled correctly in
test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem.
- CVE-2023-0215
* SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName
- debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for
x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h,
test/v3nametest.c.
- CVE-2023-0286
-- Marc Deslauriers <email address hidden> Mon, 06 Feb 2023 12:57:17 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Bionic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| openssl_1.1.1.orig.tar.gz | 8.0 MiB | 2836875a0f89c03d0fdf483941512613a50cfb421d6fd94b9f41d7279d586a3d |
| openssl_1.1.1-1ubuntu2.1~18.04.21.debian.tar.xz | 176.8 KiB | 5a795d073ed16aaa0c26aadfdd274dad355c7f5c092edc0e48be9c92d26867fa |
| openssl_1.1.1-1ubuntu2.1~18.04.21.dsc | 2.5 KiB | 5a46adb5f69866753aea12684419ad250597c15d0f0c0d69c660e86392a32788 |
Available diffs
Binary packages built by this source
- libcrypto1.1-udeb: Secure Sockets Layer toolkit - libcrypto udeb
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It contains a version of the libcrypto shared library for use with the
Debian Installer. Do not install it on a normal system.
- libssl-dev: Secure Sockets Layer toolkit - development files
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It contains development libraries, header files, and manpages for libssl
and libcrypto.
- libssl-doc: Secure Sockets Layer toolkit - development documentation
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It contains manpages and demo files for libssl and libcrypto.
- libssl1.1: Secure Sockets Layer toolkit - shared libraries
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It provides the libssl and libcrypto shared libraries.
- libssl1.1-dbgsym: debug symbols for libssl1.1
- libssl1.1-udeb: ssl shared library - udeb
libssl shared library.
.
Do not install it on a normal system.
- openssl: Secure Sockets Layer toolkit - cryptographic utility
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It contains the general-purpose command line binary /usr/bin/openssl,
useful for cryptographic operations such as:
* creating RSA, DH, and DSA key parameters;
* creating X.509 certificates, CSRs, and CRLs;
* calculating message digests;
* encrypting and decrypting with ciphers;
* testing SSL/TLS clients and servers;
* handling S/MIME signed or encrypted mail.
- openssl-dbgsym: debug symbols for openssl
