[Bug 1951279] Re: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

Juan 1951279 at bugs.launchpad.net
Fri Nov 19 15:05:26 UTC 2021 

More information about the OpenSSL version:

Package: openssl
Architecture: arm64
Version: 1.1.1f-1ubuntu2.9
Multi-Arch: foreign
Priority: important
Section: utils
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 1213
Depends: libc6 (>= 2.17), libssl1.1 (>= 1.1.1)
Suggests: ca-certificates
Filename: pool/main/o/openssl/openssl_1.1.1f-1ubuntu2.9_arm64.deb
Size: 598980
MD5sum: da89b21f3a0fe0fb5742b406ddcfe3f0
SHA1: 46000c169dc62b33e5a5cf0775597382576de1d3
SHA256: 62ccb4f98929011145f9d49cefa23a21388ee72aab46b304ad05fec6d46d7d2e
SHA512: 27058d8acf628ad2b26926c779c444c7393d44c897f6d23b97c7fc89ae4b0af7dd6ef8d9c28d0aca87fde107235da
940c8a0cb068e5274d87776c44ecd9e399a

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1951279

Title:
  OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  Description
  -----------

  It seems that current Ubuntu 20.04 (Focal) distribution for
  Arm64/Aarch64 raise a segmentation fault when certain validates some
  certificates.

  This issue affects only to Arm64/Aarch64 all the tools statically or
  dynamically linked with this version of the library are affected
  (Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc).

  
  Environment and platform
  ------------------------
  Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux

  
  Steps to reproduce
  ------------------

  1. Run:

  curl -v https://graph.facebook.com/v12.0/act_111/

  or

  wget https://graph.facebook.com/v12.0/act_111/

  
  Result received
  ---------------

  Segmentation fault (core dumped)

  
  Notes
  -----

  This bug was found by the Curl users:
  See: https://github.com/curl/curl/issues/8024

  I believe that this bug is related to
  https://ubuntu.com/security/CVE-2020-1967 that maybe used as a vector
  point for code injection.

  Actually there isn't any replacement for OpenSSL 1.1.1f for Focal
  (Arm64), so it makes difficult to use Ubuntu 20.04 in a production
  environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1951279/+subscriptions

More information about the foundations-bugs mailing list