Univention Bugzilla – Bug 55737
openssl: Multiple issues (5.0)
Last modified: 2023-02-23 16:55:10 CET
New Debian openssl 1.1.1n-0+deb10u4 fixes:

This update addresses the following issues:
* AES OCB fails to encrypt some bytes (CVE-2022-2097)
* timing attack in RSA Decryption implementation (CVE-2022-4304)
* double free after calling PEM_read_bio_ex (CVE-2022-4450)
* use-after-free following BIO_new_NDEF (CVE-2023-0215)
* X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
--- mirror/ftp/pool/main/o/openssl/openssl_1.1.1n-0+deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-3/source/openssl_1.1.1n-0+deb10u4.dsc @@ -1,3 +1,12 @@ +1.1.1n-0+deb10u4 [Mon, 20 Feb 2023 11:04:50 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2022-4450 (Double free after calling PEM_read_bio_ex). + * CVE-2023-0286 (X.400 address type confusion in X.509 GeneralName). + * CVE-2023-0215 (Use-after-free following BIO_new_NDEF). + * CVE-2022-4304 (Timing Oracle in RSA Decryption). + * CVE-2022-2097 (AES OCB fails to encrypt some bytes). + 1.1.1n-0+deb10u3 [Fri, 24 Jun 2022 22:07:00 +0200] Sebastian Andrzej Siewior <sebastian@breakpoint.cc>: * CVE-2022-2068 (The c_rehash script allows command injection). <http://piuparts.knut.univention.de/5.0-3/#8379414865724610480>
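Review bot: the five entries added under 1.1.1n-0+deb10u4 give only a CVE id and a short title, with no patch file name or upstream commit, so this changelog diff alone does not show which source change fixes which issue. Naming the patch for each entry, for example in parentheses after the title, would let a reviewer check each fix against the package source without unpacking it.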
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-3] b85795840e Bug #55737: openssl 1.1.1n-0+deb10u4
 doc/errata/staging/openssl.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

[5.0-3] 3bb1a08f05 Bug #55737: openssl 1.1.1n-0+deb10u4
 doc/errata/staging/openssl.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x592>