[Bug 2125443] Re: Please merge openssl 3.5.3-1 into questing
Launchpad Bug Tracker
2125443 at bugs.launchpad.net
Sat Oct 4 11:51:39 UTC 2025
This bug was fixed in the package openssl - 3.5.3-1ubuntu2
---------------
openssl (3.5.3-1ubuntu2) questing; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap
    - debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped
      key size in crypto/cms/cms_pwri.c.
    - CVE-2025-9230
  * SECURITY UPDATE: Timing side-channel in SM2 algorithm on 64 bit ARM
    - debian/patches/CVE-2025-9231-1.patch: use constant time modular
      inversion in crypto/ec/ecp_sm2p256.c.
    - debian/patches/CVE-2025-9231-2.patch: remove unused code in
      crypto/ec/ecp_sm2p256.c.
    - CVE-2025-9231
  * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling
    - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte
      in crypto/http/http_lib.c.
    - CVE-2025-9232

 -- Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>  Tue, 30 Sep 2025 16:17:50 -0230
** Changed in: openssl (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-9230
** CVE added: https://cve.org/CVERecord?id=CVE-2025-9231
** CVE added: https://cve.org/CVERecord?id=CVE-2025-9232
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2125443
Title:
Please merge openssl 3.5.3-1 into questing
Status in openssl package in Ubuntu:
Fix Released
Bug description:
This includes only bug fixes.
https://github.com/openssl/openssl/releases/tag/openssl-3.5.3