[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
Trusty would require a significant backport, marking it as won't fix to prevent possible regressions.

** Changed in: openssl (Ubuntu Trusty)
     Assignee: David Fernandez Gonzalez (litios) => (unassigned)

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2054090

Title:
  Implicit rejection of PKCS#1 v1.5 RSA

Status in openssl package in Ubuntu: New
Status in openssl source package in Trusty: Won't Fix
Status in openssl source package in Xenial: Fix Released
Status in openssl source package in Bionic: Fix Released
Status in openssl source package in Focal: Fix Released
Status in openssl source package in Jammy: Fix Released
Status in openssl source package in Mantic: Fix Released
Status in openssl source package in Noble: New

Bug description:
  OpenSSL 3.2.0 introduced a change on PKCS#1 v1.5 RSA to return random output instead of an exception when detecting wrong padding (https://github.com/openssl/openssl/pull/13817).

  There are available backports already:

  * 3.0 https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/0120-RSA-PKCS15-implicit-rejection.patch?ref_type=heads
  * 1.1.1 https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c8s/openssl-1.1.1-pkcs1-implicit-rejection.patch?ref_type=heads

  This change is needed to fix CVE-2023-50782.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2054090/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
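The behaviour change from the bug description, as an added example that is not part of this thread or of OpenSSL's code: a legacy PKCS#1 v1.5 decrypt that raises on bad padding beside one that returns a deterministic synthetic message. The toy key, the HMAC labels and all function names are assumptions made for illustration; the derivation is simplified and the Python is not constant-time, which a real implementation must be.

```python
import hashlib
import hmac

# Constructed toy key: two Mersenne primes give a 30-byte modulus, far too
# small for real use, so that the example runs offline without a crypto library.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def unpad(em: bytes):
    """Return the message if em is 00 02 PS 00 M with len(PS) >= 8, else None."""
    if len(em) != K or em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:  # no 00 separator, or fewer than 8 padding bytes
        return None
    return em[sep + 1:]


def raw_decrypt(ct: bytes) -> bytes:
    c = int.from_bytes(ct, "big")
    if len(ct) != K or c >= N:
        raise ValueError("ciphertext out of range")
    return pow(c, D, N).to_bytes(K, "big")


def decrypt_legacy(ct: bytes) -> bytes:
    """Old behaviour: a padding failure is visible to the caller as an error."""
    msg = unpad(raw_decrypt(ct))
    if msg is None:
        raise ValueError("padding check failed")
    return msg


def decrypt_implicit_rejection(ct: bytes) -> bytes:
    """New behaviour: a padding failure yields a synthetic message, never an error."""
    em = raw_decrypt(ct)
    # Secret bound to the private key and to this ciphertext, so the same bad
    # ciphertext always decrypts to the same bytes (deterministic, not fresh random).
    secret = hashlib.sha256(D.to_bytes(K, "big")).digest()
    kdk = hmac.new(secret, ct, hashlib.sha256).digest()
    length = hmac.new(kdk, b"length", hashlib.sha256).digest()[0] % (K - 10)
    synthetic = hmac.new(kdk, b"message", hashlib.sha256).digest()[:length]
    msg = unpad(em)
    return synthetic if msg is None else msg


def encrypt_block(em: bytes) -> bytes:
    """Public-key operation on an already formatted block (test-vector helper)."""
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


# Constructed test vectors: one well-formed block, one with a wrong block type.
GOOD = encrypt_block(b"\x00\x02" + b"\xa5" * 12 + b"\x00" + b"session-key-123")
BAD = encrypt_block(b"\x00\x01" + b"\xa5" * 12 + b"\x00" + b"session-key-123")
```

With `decrypt_legacy` the two vectors are told apart by the exception alone; with `decrypt_implicit_rejection` both calls return bytes of a plausible length, and the bad one returns the same bytes every time it is submitted.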
[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
Fix released for Xenial ESM: 1.0.2g-1ubuntu4.20+esm12
https://ubuntu.com/security/notices/USN-6663-2

** Changed in: openssl (Ubuntu Xenial)
       Status: New => Fix Released

** Changed in: openssl (Ubuntu Trusty)
       Status: New => Won't Fix
[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
https://ubuntu.com/security/notices/USN-6663-1
[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
Bionic released in ESM Infra, version 1.1.1-1ubuntu2.1~18.04.23+esm5

** Changed in: openssl (Ubuntu Bionic)
       Status: New => Fix Released
[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
This bug was fixed in the package openssl - 3.0.2-0ubuntu1.15

---
openssl (3.0.2-0ubuntu1.15) jammy-security; urgency=medium

  * SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
    - debian/patches/openssl-pkcs1-implicit-rejection.patch:
      Return deterministic random output instead of an error in case
      there is a padding error in crypto/cms/cms_env.c,
      crypto/evp/ctrl_params_translate.c, crypto/pkcs7/pk7_doit.c,
      crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c,
      crypto/rsa/rsa_pmeth.c, doc/man1/openssl-pkeyutl.pod.in,
      doc/man1/openssl-rsautl.pod.in, doc/man3/EVP_PKEY_CTX_ctrl.pod,
      doc/man3/EVP_PKEY_decrypt.pod,
      doc/man3/RSA_padding_add_PKCS1_type_1.pod,
      doc/man3/RSA_public_encrypt.pod,
      doc/man7/provider-asym_cipher.pod, include/crypto/rsa.h,
      include/openssl/core_names.h, include/openssl/rsa.h,
      providers/implementations/asymciphers/rsa_enc.c and
      test/recipes/30-test_evp_data/evppkey_rsa_common.txt.

 -- David Fernandez Gonzalez  Fri, 16 Feb 2024 09:51:30 +0100
[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
This bug was fixed in the package openssl - 1.1.1f-1ubuntu2.22

---
openssl (1.1.1f-1ubuntu2.22) focal-security; urgency=medium

  * SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
    - debian/patches/openssl-1.1.1-pkcs1-implicit-rejection.patch:
      Return deterministic random output instead of an error in case
      there is a padding error in crypto/cms/cms_env.c,
      crypto/pkcs7/pk7_doit.c, crypto/rsa/rsa_local.h,
      crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c,
      crypto/rsa/rsa_pmeth.c, doc/man1/pkeyutl.pod,
      doc/man1/rsautl.pod, doc/man3/EVP_PKEY_CTX_ctrl.pod,
      doc/man3/EVP_PKEY_decrypt.pod,
      doc/man3/RSA_padding_add_PKCS1_type_1.pod,
      doc/man3/RSA_public_encrypt.pod, include/openssl/rsa.h and
      test/recipes/30-test_evp_data/evppkey.txt.

 -- David Fernandez Gonzalez  Fri, 16 Feb 2024 16:41:31 +0100

** Changed in: openssl (Ubuntu Jammy)
       Status: New => Fix Released
[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
This bug was fixed in the package openssl - 3.0.10-1ubuntu2.3

---
openssl (3.0.10-1ubuntu2.3) mantic-security; urgency=medium

  * SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
    - debian/patches/openssl-pkcs1-implicit-rejection.patch:
      Return deterministic random output instead of an error in case
      there is a padding error in crypto/cms/cms_env.c,
      crypto/evp/ctrl_params_translate.c, crypto/pkcs7/pk7_doit.c,
      crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c,
      crypto/rsa/rsa_pmeth.c, doc/man1/openssl-pkeyutl.pod.in,
      doc/man1/openssl-rsautl.pod.in, doc/man3/EVP_PKEY_CTX_ctrl.pod,
      doc/man3/EVP_PKEY_decrypt.pod,
      doc/man3/RSA_padding_add_PKCS1_type_1.pod,
      doc/man3/RSA_public_encrypt.pod,
      doc/man7/provider-asym_cipher.pod, include/crypto/rsa.h,
      include/openssl/core_names.h, include/openssl/rsa.h,
      providers/implementations/asymciphers/rsa_enc.c and
      test/recipes/30-test_evp_data/evppkey_rsa_common.txt.

 -- David Fernandez Gonzalez  Wed, 21 Feb 2024 11:45:39 +0100

** Changed in: openssl (Ubuntu Mantic)
       Status: New => Fix Released

** Changed in: openssl (Ubuntu Focal)
       Status: New => Fix Released
[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
** Changed in: openssl (Ubuntu Bionic)
     Assignee: (unassigned) => David Fernandez Gonzalez (litios)

** Changed in: openssl (Ubuntu Focal)
     Assignee: (unassigned) => David Fernandez Gonzalez (litios)

** Changed in: openssl (Ubuntu Jammy)
     Assignee: (unassigned) => David Fernandez Gonzalez (litios)

** Changed in: openssl (Ubuntu Mantic)
     Assignee: (unassigned) => David Fernandez Gonzalez (litios)

** Changed in: openssl (Ubuntu Noble)
     Assignee: (unassigned) => David Fernandez Gonzalez (litios)

** Changed in: openssl (Ubuntu Xenial)
     Assignee: (unassigned) => David Fernandez Gonzalez (litios)

** Changed in: openssl (Ubuntu Trusty)
     Assignee: (unassigned) => David Fernandez Gonzalez (litios)
[Touch-packages] [Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
** Changed in: openssl (Ubuntu)
     Assignee: (unassigned) => David Fernandez Gonzalez (litios)

** Also affects: openssl (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Noble)
   Importance: Undecided
     Assignee: David Fernandez Gonzalez (litios)
       Status: New

** Also affects: openssl (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Mantic)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Changed in: openssl (Ubuntu Noble)
     Assignee: David Fernandez Gonzalez (litios) => (unassigned)