[USN-5328-1] OpenSSL vulnerability

Severity High

Affected Packages 15

CVEs 1

OpenSSL could be made to stop responding if it opened a specially crafted certificate.

Tavis Ormandy discovered that OpenSSL incorrectly parsed certain
certificates. A remote attacker could possibly use this issue to cause
OpenSSH to stop responding, resulting in a denial of service.

Package	Affected Version
pkg:deb/ubuntu/openssl?distro=impish	< 1.1.1l-1ubuntu1.2
pkg:deb/ubuntu/openssl?distro=focal	< 1.1.1f-1ubuntu2.12
pkg:deb/ubuntu/openssl?distro=bionic	< 1.1.1-1ubuntu2.1~18.04.15
pkg:deb/ubuntu/openssl1.0?distro=bionic	< 1.0.2n-1ubuntu5.8
pkg:deb/ubuntu/libssl1.1?distro=impish	< 1.1.1l-1ubuntu1.2
pkg:deb/ubuntu/libssl1.1?distro=focal	< 1.1.1f-1ubuntu2.12
pkg:deb/ubuntu/libssl1.1?distro=bionic	< 1.1.1-1ubuntu2.1~18.04.15
pkg:deb/ubuntu/libssl1.0.0?distro=bionic	< 1.0.2n-1ubuntu5.8
pkg:deb/ubuntu/libssl1.0-dev?distro=bionic	< 1.0.2n-1ubuntu5.8
pkg:deb/ubuntu/libssl-doc?distro=impish	< 1.1.1l-1ubuntu1.2
pkg:deb/ubuntu/libssl-doc?distro=focal	< 1.1.1f-1ubuntu2.12
pkg:deb/ubuntu/libssl-doc?distro=bionic	< 1.1.1-1ubuntu2.1~18.04.15
pkg:deb/ubuntu/libssl-dev?distro=impish	< 1.1.1l-1ubuntu1.2
pkg:deb/ubuntu/libssl-dev?distro=focal	< 1.1.1f-1ubuntu2.12
pkg:deb/ubuntu/libssl-dev?distro=bionic	< 1.1.1-1ubuntu2.1~18.04.15

ID

USN-5328-1

Severity

high

URL

https://ubuntu.com/security/notices/USN-5328-1

Published

2022-03-15T16:45:46
(2 years ago)

Modified

2022-03-15T16:45:46
(2 years ago)

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:deb/ubuntu/openssl?distro=impish	ubuntu	openssl	< 1.1.1l-1ubuntu1.2	impish
Affected	pkg:deb/ubuntu/openssl?distro=focal	ubuntu	openssl	< 1.1.1f-1ubuntu2.12	focal
Affected	pkg:deb/ubuntu/openssl?distro=bionic	ubuntu	openssl	< 1.1.1-1ubuntu2.1~18.04.15	bionic
Affected	pkg:deb/ubuntu/openssl1.0?distro=bionic	ubuntu	openssl1.0	< 1.0.2n-1ubuntu5.8	bionic
Affected	pkg:deb/ubuntu/libssl1.1?distro=impish	ubuntu	libssl1.1	< 1.1.1l-1ubuntu1.2	impish
Affected	pkg:deb/ubuntu/libssl1.1?distro=focal	ubuntu	libssl1.1	< 1.1.1f-1ubuntu2.12	focal
Affected	pkg:deb/ubuntu/libssl1.1?distro=bionic	ubuntu	libssl1.1	< 1.1.1-1ubuntu2.1~18.04.15	bionic
Affected	pkg:deb/ubuntu/libssl1.0.0?distro=bionic	ubuntu	libssl1.0.0	< 1.0.2n-1ubuntu5.8	bionic
Affected	pkg:deb/ubuntu/libssl1.0-dev?distro=bionic	ubuntu	libssl1.0-dev	< 1.0.2n-1ubuntu5.8	bionic
Affected	pkg:deb/ubuntu/libssl-doc?distro=impish	ubuntu	libssl-doc	< 1.1.1l-1ubuntu1.2	impish
Affected	pkg:deb/ubuntu/libssl-doc?distro=focal	ubuntu	libssl-doc	< 1.1.1f-1ubuntu2.12	focal
Affected	pkg:deb/ubuntu/libssl-doc?distro=bionic	ubuntu	libssl-doc	< 1.1.1-1ubuntu2.1~18.04.15	bionic
Affected	pkg:deb/ubuntu/libssl-dev?distro=impish	ubuntu	libssl-dev	< 1.1.1l-1ubuntu1.2	impish
Affected	pkg:deb/ubuntu/libssl-dev?distro=focal	ubuntu	libssl-dev	< 1.1.1f-1ubuntu2.12	focal
Affected	pkg:deb/ubuntu/libssl-dev?distro=bionic	ubuntu	libssl-dev	< 1.1.1-1ubuntu2.1~18.04.15	bionic

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date