Format: 1.8
Date: Mon, 06 Feb 2023 12:57:17 -0500
Source: openssl
Binary: libssl-dev libssl3 openssl
Built-For-Profiles: noudeb
Architecture: s390x s390x_translations
Version: 3.0.5-2ubuntu2.1
Distribution: kinetic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl3 - Secure Sockets Layer toolkit - shared libraries
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (3.0.5-2ubuntu2.1) kinetic-security; urgency=medium
 .
   * SECURITY UPDATE: X.509 Name Constraints Read Buffer Overflow
     - debian/patches/CVE-2022-4203-1.patch: fix type confusion in
       nc_match_single() in crypto/x509/v3_ncons.c.
     - debian/patches/CVE-2022-4203-2.patch: add testcase for
       nc_match_single type confusion in test/*.
     - CVE-2022-4203
   * SECURITY UPDATE: Timing Oracle in RSA Decryption
     - debian/patches/CVE-2022-4304.patch: fix timing oracle in
       crypto/bn/bn_blind.c, crypto/bn/bn_local.h, crypto/bn/build.info,
       crypto/bn/rsa_sup_mul.c, crypto/rsa/rsa_ossl.c, include/crypto/bn.h.
     - CVE-2022-4304
   * SECURITY UPDATE: Double free after calling PEM_read_bio_ex
     - debian/patches/CVE-2022-4450-1.patch: avoid dangling ptrs in header
       and data params for PEM_read_bio_ex in crypto/pem/pem_lib.c.
     - debian/patches/CVE-2022-4450-2.patch: add a test in test/pemtest.c.
     - CVE-2022-4450
   * SECURITY UPDATE: Use-after-free following BIO_new_NDEF
     - debian/patches/CVE-2023-0215-1.patch: fix a UAF resulting from a bug
       in BIO_new_NDEF in crypto/asn1/bio_ndef.c.
     - debian/patches/CVE-2023-0215-2.patch: check CMS failure during BIO
       setup with -stream is handled correctly in
       test/recipes/80-test_cms.t, test/smime-certs/badrsa.pem.
     - CVE-2023-0215
   * SECURITY UPDATE: Invalid pointer dereference in d2i_PKCS7 functions
     - debian/patches/CVE-2023-0216-1.patch: do not dereference PKCS7
       object data if not set in crypto/pkcs7/pk7_lib.c.
     - debian/patches/CVE-2023-0216-2.patch: add test for d2i_PKCS7 NULL
       dereference in test/recipes/25-test_pkcs7.t,
       test/recipes/25-test_pkcs7_data/malformed.pkcs7.
     - CVE-2023-0216
   * SECURITY UPDATE: NULL dereference validating DSA public key
     - debian/patches/CVE-2023-0217-1.patch: fix NULL dereference when
       validating FFC public key in crypto/ffc/ffc_key_validate.c,
       include/internal/ffc.h, test/ffc_internal_test.c.
     - debian/patches/CVE-2023-0217-2.patch: prevent creating DSA and DH
       keys without parameters through import in
       providers/implementations/keymgmt/dh_kmgmt.c,
       providers/implementations/keymgmt/dsa_kmgmt.c.
     - debian/patches/CVE-2023-0217-3.patch: do not create DSA keys without
       parameters by decoder in crypto/x509/x_pubkey.c,
       include/crypto/x509.h,
       providers/implementations/encode_decode/decode_der2key.c.
     - CVE-2023-0217
   * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName
     - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for
       x400Address in crypto/x509/v3_genn.c, include/openssl/x509v3.h.in,
       test/v3nametest.c.
     - CVE-2023-0286
   * SECURITY UPDATE: NULL dereference during PKCS7 data verification
     - debian/patches/CVE-2023-0401-1.patch: check return of BIO_set_md()
       calls in crypto/pkcs7/pk7_doit.c.
     - debian/patches/CVE-2023-0401-2.patch: add testcase for missing
       return check of BIO_set_md() calls in test/recipes/80-test_cms.t,
       test/recipes/80-test_cms_data/pkcs7-md4.pem.
     - CVE-2023-0401
Original-Maintainer: Debian OpenSSL Team