This bug was fixed in the package openssl - 3.0.10-1ubuntu2.3 --------------- openssl (3.0.10-1ubuntu2.3) mantic-security; urgency=medium
* SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090) - debian/patches/openssl-pkcs1-implicit-rejection.patch: Return deterministic random output instead of an error in case there is a padding error in crypto/cms/cms_env.c, crypto/evp/ctrl_params_translate.c, crypto/pkcs7/pk7_doit.c, crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c, crypto/rsa/rsa_pmeth.c, doc/man1/openssl-pkeyutl.pod.in, doc/man1/openssl-rsautl.pod.in, doc/man3/EVP_PKEY_CTX_ctrl.pod, doc/man3/EVP_PKEY_decrypt.pod, doc/man3/RSA_padding_add_PKCS1_type_1.pod, doc/man3/RSA_public_encrypt.pod, doc/man7/provider-asym_cipher.pod, include/crypto/rsa.h, include/openssl/core_names.h, include/openssl/rsa.h, providers/implementations/asymciphers/rsa_enc.c and test/recipes/30-test_evp_data/evppkey_rsa_common.txt. -- David Fernandez Gonzalez <david.fernandezgonza...@canonical.com> Wed, 21 Feb 2024 11:45:39 +0100 ** Changed in: openssl (Ubuntu Mantic) Status: New => Fix Released ** Changed in: openssl (Ubuntu Focal) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2054090 Title: Implicit rejection of PKCS#1 v1.5 RSA To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2054090/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs