Public bug reported:

OpenSSL 3.2.0 introduced a change on PKCS#1 v1.5 RSA to return random
output instead of an exception when detecting wrong padding
(https://github.com/openssl/openssl/pull/13817).

There are available backports already:

* 3.0 https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c9s/0120-RSA-PKCS15-implicit-rejection.patch?ref_type=heads

* 1.1.1 https://gitlab.com/redhat/centos-stream/rpms/openssl/-/blob/c8s/openssl-1.1.1-pkcs1-implicit-rejection.patch?ref_type=heads


This change is needed to fix CVE-2023-50782.

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2054090

Title:
  Implicit rejection of PKCS#1 v1.5 RSA

Status in openssl package in Ubuntu:
  New

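
The behaviour change described in the report, as an added example that is not part of the bug report and is not OpenSSL's code: the legacy unpadding raises on bad PKCS#1 v1.5 padding, while the implicit-rejection variant returns a deterministic pseudo-random message instead. The HMAC-based derivation is a simplified stand-in for OpenSSL's actual one, and all names, the toy size K and the sample bytes are constructed assumptions.

```python
import hashlib
import hmac

K = 32  # constructed toy modulus size in bytes (real RSA keys use 256 or more)
MSG = b"session-key"  # constructed sample plaintext
SECRET = b"constructed-private-key-secret"  # stands in for a private-key-derived value
CT_A = b"\x11" * K  # constructed placeholder ciphertext
# Encoded messages as they would look after the raw RSA operation (constructed):
GOOD_EM = b"\x00\x02" + b"\xaa" * (K - 3 - len(MSG)) + b"\x00" + MSG
BAD_EM = b"\x00\x01" + GOOD_EM[2:]  # wrong block-type byte


def pkcs1_v15_unpad(em: bytes) -> bytes:
    """Legacy behaviour: raise when the 00 02 PS 00 M layout is malformed."""
    if len(em) != K or em[0] != 0 or em[1] != 2:
        raise ValueError("padding check failed")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # also covers -1; PS must be at least 8 non-zero bytes
        raise ValueError("padding check failed")
    return em[sep + 1:]


def synthetic_message(secret: bytes, ciphertext: bytes) -> bytes:
    """Stand-in plaintext that depends only on the key secret and the ciphertext."""
    kdk = hmac.new(secret, ciphertext, hashlib.sha256).digest()
    stream = hmac.new(kdk, b"message", hashlib.sha256).digest()
    # Pseudo-random length in 0..K-11, the valid range for a padded message.
    length = hmac.new(kdk, b"length", hashlib.sha256).digest()[0] % (K - 10)
    return stream[:length]


def decrypt_implicit_rejection(em: bytes, ciphertext: bytes, secret: bytes) -> bytes:
    """New behaviour: never signal a padding failure to the caller."""
    # Computed on every call. This Python sketch is not constant-time;
    # a real implementation has to select between the two results in constant time.
    synthetic = synthetic_message(secret, ciphertext)
    try:
        return pkcs1_v15_unpad(em)
    except ValueError:
        return synthetic


if __name__ == "__main__":
    print("valid padding  :", decrypt_implicit_rejection(GOOD_EM, CT_A, SECRET))
    print("invalid padding:", decrypt_implicit_rejection(BAD_EM, CT_A, SECRET).hex())
```

Because the same ciphertext always yields the same output, repeated queries do not reveal whether the padding was valid. Callers that used the decryption error as their failure signal have to validate the returned plaintext instead.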