[Touch-packages] [Bug 1915913] Re: OpenSSL Multiple Denial of Service Vulnerabilities

2021-03-09 Thread Marc Deslauriers
Updates for this issue have been released:

https://ubuntu.com/security/notices/USN-4738-1

** Changed in: openssl (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1915913

Title:
  OpenSSL Multiple Denial of Service Vulnerabilities

Status in openssl package in Ubuntu:
  Fix Released

Bug description:
  Multiple vulnerabilities have been reported in OpenSSL, which can be
  exploited by malicious people to cause a DoS (Denial of Service).

  1. An error related to the "X509_issuer_and_serial_hash()" function
  (crypto/x509/x509_cmp.c) can be exploited to trigger a NULL pointer
  dereference and subsequently cause a crash.

  2. An integer overflow error related to CipherUpdate calls can be
  exploited to cause a crash.

  The vulnerabilities are reported in versions prior to 1.1.1j and prior
  to 1.0.2y.

  Affected Software

  The following software is affected by the described vulnerability.
  Please check the vendor links below to see if exactly your version is
  affected.

  OpenSSL 1.x

  Solution

  Update to version 1.1.1j or 1.0.2y.

  References

  1. https://www.openssl.org/news/secadv/20210216.txt

  2. https://github.com/openssl/openssl/commit/8130d654d1de922ea224fa18ee3bc7262edc39c0

  3. https://github.com/openssl/openssl/commit/c9fb704cf3af5524eb8e79961e31b60eee8c3c47

  Please provide an update.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1915913/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1915913] Re: OpenSSL Multiple Denial of Service Vulnerabilities

2021-02-17 Thread Seth Arnold
Hello, there are untested packages in
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
in case you wish to test them in your environment.

Thanks

** Information type changed from Private Security to Public Security

Status in openssl package in Ubuntu:
  New
