Publishing details

• Published on 2023-10-24
• Copied from ubuntu lunar in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

openssl (3.0.8-1ubuntu1.4) lunar-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: AES-SIV implementation ignores empty associated data
    entries
    - debian/patches/CVE-2023-2975.patch: do not ignore empty associated
      data with AES-SIV mode in
      providers/implementations/ciphers/cipher_aes_siv.c.
    - CVE-2023-2975
  * SECURITY UPDATE: Incorrect cipher key and IV length processing
    - debian/patches/CVE-2023-5363-1.patch: process key length and iv
      length early if present in crypto/evp/evp_enc.c.
    - debian/patches/CVE-2023-5363-2.patch: add unit test in
      test/evp_extra_test.c.
    - CVE-2023-5363

  [ Ian Constantin ]
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-3446.patch: adds check to prevent the testing of
      an excessively large modulus in DH_check().
    - CVE-2023-3446
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-3817.patch: adds check to prevent the testing of
      invalid q values in DH_check().
    - CVE-2023-3817

 -- Marc Deslauriers <email address hidden>  Fri, 13 Oct 2023 08:02:49 -0400

Builds

• amd64
• arm64
• armhf
• i386
• ppc64el
• riscv64
• s390x

Built packages

• libssl-dev Secure Sockets Layer toolkit - development files

• libssl-doc Secure Sockets Layer toolkit - development documentation

• libssl3 Secure Sockets Layer toolkit - shared libraries

• libssl3-dbgsym debug symbols for libssl3

• openssl Secure Sockets Layer toolkit - cryptographic utility

• openssl-dbgsym debug symbols for openssl

Package files

• libssl-dev_3.0.8-1ubuntu1.4_amd64.deb (2.3 MiB)
• libssl-dev_3.0.8-1ubuntu1.4_arm64.deb (2.2 MiB)
• libssl-dev_3.0.8-1ubuntu1.4_armhf.deb (2.0 MiB)
• libssl-dev_3.0.8-1ubuntu1.4_i386.deb (2.3 MiB)
• libssl-dev_3.0.8-1ubuntu1.4_ppc64el.deb (2.5 MiB)
• libssl-dev_3.0.8-1ubuntu1.4_riscv64.deb (4.2 MiB)
• libssl-dev_3.0.8-1ubuntu1.4_s390x.deb (1.9 MiB)
• libssl-doc_3.0.8-1ubuntu1.4_all.deb (2.0 MiB)
• libssl3-dbgsym_3.0.8-1ubuntu1.4_amd64.ddeb (4.8 MiB)
• libssl3-dbgsym_3.0.8-1ubuntu1.4_arm64.ddeb (4.6 MiB)
• libssl3-dbgsym_3.0.8-1ubuntu1.4_armhf.ddeb (4.3 MiB)
• libssl3-dbgsym_3.0.8-1ubuntu1.4_i386.ddeb (3.5 MiB)
• libssl3-dbgsym_3.0.8-1ubuntu1.4_ppc64el.ddeb (5.4 MiB)
• libssl3-dbgsym_3.0.8-1ubuntu1.4_riscv64.ddeb (4.2 MiB)
• libssl3-dbgsym_3.0.8-1ubuntu1.4_s390x.ddeb (4.6 MiB)
• libssl3_3.0.8-1ubuntu1.4_amd64.deb (1.8 MiB)
• libssl3_3.0.8-1ubuntu1.4_arm64.deb (1.7 MiB)
• libssl3_3.0.8-1ubuntu1.4_armhf.deb (1.5 MiB)
• libssl3_3.0.8-1ubuntu1.4_i386.deb (1.8 MiB)
• libssl3_3.0.8-1ubuntu1.4_ppc64el.deb (2.0 MiB)
• libssl3_3.0.8-1ubuntu1.4_riscv64.deb (1.4 MiB)
• libssl3_3.0.8-1ubuntu1.4_s390x.deb (1.5 MiB)
• openssl-dbgsym_3.0.8-1ubuntu1.4_amd64.ddeb (732.8 KiB)
• openssl-dbgsym_3.0.8-1ubuntu1.4_arm64.ddeb (734.5 KiB)
• openssl-dbgsym_3.0.8-1ubuntu1.4_armhf.ddeb (645.0 KiB)
• openssl-dbgsym_3.0.8-1ubuntu1.4_i386.ddeb (585.4 KiB)
• openssl-dbgsym_3.0.8-1ubuntu1.4_ppc64el.ddeb (802.1 KiB)
• openssl-dbgsym_3.0.8-1ubuntu1.4_riscv64.ddeb (654.6 KiB)
• openssl-dbgsym_3.0.8-1ubuntu1.4_s390x.ddeb (714.0 KiB)
• openssl_3.0.8-1ubuntu1.4.debian.tar.xz (132.7 KiB)
• openssl_3.0.8-1ubuntu1.4.dsc (2.4 KiB)
• openssl_3.0.8-1ubuntu1.4_amd64.deb (1.1 MiB)
• openssl_3.0.8-1ubuntu1.4_arm64.deb (1.1 MiB)
• openssl_3.0.8-1ubuntu1.4_armhf.deb (1.1 MiB)
• openssl_3.0.8-1ubuntu1.4_i386.deb (1.1 MiB)
• openssl_3.0.8-1ubuntu1.4_ppc64el.deb (1.1 MiB)
• openssl_3.0.8-1ubuntu1.4_riscv64.deb (1.1 MiB)
• openssl_3.0.8-1ubuntu1.4_s390x.deb (1.1 MiB)
• openssl_3.0.8.orig.tar.gz (14.4 MiB)