Ubuntu
openssl package

openssl 3.0.5-2ubuntu2.2 source package in Ubuntu

Changelog

openssl (3.0.5-2ubuntu2.2) kinetic-security; urgency=medium

  * SECURITY UPDATE: double locking when processing X.509 certificate policy
    constraints
    - debian/patches/CVE-2022-3996-1.patch: revert commit 9aa4be69 and remove
      redundant flag setting.
    - debian/patches/CVE-2022-3996-2.patch: add test case for reported
      deadlock.
    - CVE-2022-3996
  * SECURITY UPDATE: excessive resource use when verifying policy constraints
    - debian/patches/CVE-2023-0464-1.patch: limit the number of nodes created
      in a policy tree (the default limit is set to 1000 nodes).
    - debian/patches/CVE-2023-0464-2.patch: add test cases for the policy
      resource overuse.
    - debian/patches/CVE-2023-0464-3.patch: disable the policy tree
      exponential growth test conditionally.
    - CVE-2023-0464
  * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
    - debian/patches/CVE-2023-0465-1.patch: ensure that EXFLAG_INVALID_POLICY
      is checked even in leaf certs.
    - debian/patches/CVE-2023-0465-2.patch: generate some certificates with
      the certificatePolicies extension.
    - debian/patches/CVE-2023-0465-3.patch: add a certificate policies test.
    - CVE-2023-0466
  * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
    not enabled as documented
    - debian/patches/CVE-2023-0466.patch: fix documentation of
      X509_VERIFY_PARAM_add0_policy().
    - CVE-2023-0466

 -- Camila Camargo de Matos <email address hidden>  Mon, 17 Apr 2023 15:14:07 -0300

Upload details

Uploaded by:
Camila Camargo de Matos
Uploaded to:
Kinetic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
openssl_3.0.5.orig.tar.gz 14.4 MiB aa7d8d9bef71ad6525c55ba11e5f4397889ce49c2c9349dcea6d3e4f0b024a7a
openssl_3.0.5.orig.tar.gz.asc 862 bytes 95f23bb4eb6faa8d0f1ca1b83cfb00a2bed4b53e124a4f13e1499abc0b426129
openssl_3.0.5-2ubuntu2.2.debian.tar.xz 191.6 KiB 637ba75c2650311715bb290c7f306898dc93b694d97c02635b23e005043e1166
openssl_3.0.5-2ubuntu2.2.dsc 2.4 KiB 98a8dd9e24491914be23d9aa7ab705cc13a63057627e769d49706131007b313c

View changes file

Binary packages built by this source

libssl-dev: No summary available for libssl-dev in ubuntu kinetic.

No description available for libssl-dev in ubuntu kinetic.

libssl-doc: No summary available for libssl-doc in ubuntu kinetic.

No description available for libssl-doc in ubuntu kinetic.

libssl3: No summary available for libssl3 in ubuntu kinetic.

No description available for libssl3 in ubuntu kinetic.

libssl3-dbgsym: No summary available for libssl3-dbgsym in ubuntu kinetic.

No description available for libssl3-dbgsym in ubuntu kinetic.

openssl: No summary available for openssl in ubuntu kinetic.

No description available for openssl in ubuntu kinetic.

openssl-dbgsym: No summary available for openssl-dbgsym in ubuntu kinetic.

No description available for openssl-dbgsym in ubuntu kinetic.