[ubuntu/noble-proposed] openssl 3.0.10-1ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Feb 1 02:00:15 UTC 2024


openssl (3.0.10-1ubuntu4) noble; urgency=medium

  * SECURITY UPDATE: Excessive time spent in DH check / generation with
    large Q parameter value
    - debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
      DH_generate_key() safer yet in crypto/dh/dh_check.c,
      crypto/dh/dh_err.c, crypto/dh/dh_key.c, crypto/err/openssl.txt,
      include/crypto/dherr.h, include/openssl/dh.h,
      include/openssl/dherr.h.
    - CVE-2023-5678
  * SECURITY UPDATE: POLY1305 MAC implementation corrupts vector registers
    on PowerPC
    - debian/patches/CVE-2023-6129.patch: fix vector register clobbering in
      crypto/poly1305/asm/poly1305-ppc.pl.
    - CVE-2023-6129
  * SECURITY UPDATE: Excessive time spent checking invalid RSA public keys
    - debian/patches/CVE-2023-6237.patch: limit the execution time of RSA
      public key check in crypto/rsa/rsa_sp800_56b_check.c,
      test/recipes/91-test_pkey_check.t,
      test/recipes/91-test_pkey_check_data/rsapub_17k.pem.
    - CVE-2023-6237
  * SECURITY UPDATE: PKCS12 Decoding crashes
    - debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
      data can be NULL in crypto/pkcs12/p12_add.c,
      crypto/pkcs12/p12_mutl.c, crypto/pkcs12/p12_npas.c,
      crypto/pkcs7/pk7_mime.c.
    - CVE-2024-0727

Date: Wed, 31 Jan 2024 13:03:16 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/3.0.10-1ubuntu4
-------------- next part --------------
Format: 1.8
Date: Wed, 31 Jan 2024 13:03:16 -0500
Source: openssl
Built-For-Profiles: noudeb
Architecture: source
Version: 3.0.10-1ubuntu4
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 openssl (3.0.10-1ubuntu4) noble; urgency=medium
 .
   * SECURITY UPDATE: Excessive time spent in DH check / generation with
     large Q parameter value
     - debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
       DH_generate_key() safer yet in crypto/dh/dh_check.c,
       crypto/dh/dh_err.c, crypto/dh/dh_key.c, crypto/err/openssl.txt,
       include/crypto/dherr.h, include/openssl/dh.h,
       include/openssl/dherr.h.
     - CVE-2023-5678
   * SECURITY UPDATE: POLY1305 MAC implementation corrupts vector registers
     on PowerPC
     - debian/patches/CVE-2023-6129.patch: fix vector register clobbering in
       crypto/poly1305/asm/poly1305-ppc.pl.
     - CVE-2023-6129
   * SECURITY UPDATE: Excessive time spent checking invalid RSA public keys
     - debian/patches/CVE-2023-6237.patch: limit the execution time of RSA
       public key check in crypto/rsa/rsa_sp800_56b_check.c,
       test/recipes/91-test_pkey_check.t,
       test/recipes/91-test_pkey_check_data/rsapub_17k.pem.
     - CVE-2023-6237
   * SECURITY UPDATE: PKCS12 Decoding crashes
     - debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
       data can be NULL in crypto/pkcs12/p12_add.c,
       crypto/pkcs12/p12_mutl.c, crypto/pkcs12/p12_npas.c,
       crypto/pkcs7/pk7_mime.c.
     - CVE-2024-0727
Checksums-Sha1:
 db023492c6f6a04af420d78f13347ecbe854e14f 2498 openssl_3.0.10-1ubuntu4.dsc
 fcc92356fe484970c22c60ee365d4f05e44a705b 127768 openssl_3.0.10-1ubuntu4.debian.tar.xz
 2ad6eb98c799751074e49249ec53147916914378 6598 openssl_3.0.10-1ubuntu4_source.buildinfo
Checksums-Sha256:
 d1341c748c7dfa01657ef9351f1c3c9437cf694caa041bd84d773e4cf0143b08 2498 openssl_3.0.10-1ubuntu4.dsc
 c65188925a3af07c7cd441fbf1bc1e2f8ee731cdb257056e7295d1890885f85c 127768 openssl_3.0.10-1ubuntu4.debian.tar.xz
 d333aaa97a10fb51ea52edf8c2559c7576182367f8db41f0b7b1b255717dca07 6598 openssl_3.0.10-1ubuntu4_source.buildinfo
Files:
 f5a5927896b53db7caeb7c60e7b6e3d4 2498 utils optional openssl_3.0.10-1ubuntu4.dsc
 0bb715c08e2f2eaa9bedea7b19d7a4b9 127768 utils optional openssl_3.0.10-1ubuntu4.debian.tar.xz
 2321ca6395de429b35abd01626521324 6598 utils optional openssl_3.0.10-1ubuntu4_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at alioth-lists.debian.net>

