[USN-5710-1] OpenSSL vulnerabilities

Several security issues were fixed in OpenSSL.

It was discovered that OpenSSL incorrectly handled certain X.509 Email
Addresses. If a certificate authority were tricked into signing a
specially-crafted certificate, a remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. The
default compiler options for affected releases reduce the vulnerability to
a denial of service. (CVE-2022-3602, CVE-2022-3786)

It was discovered that OpenSSL incorrectly handled applications creating
custom ciphers via the legacy EVP_CIPHER_meth_new() function. This issue
could cause certain applications that mishandled values to the function to
possibly end up with a NULL cipher and messages in plaintext.
(CVE-2022-3358)

Package | Affected Version |
---|---|
pkg:deb/ubuntu/openssl?distro=kinetic | < 3.0.5-2ubuntu2 |
pkg:deb/ubuntu/openssl?distro=jammy | < 3.0.2-0ubuntu1.7 |
pkg:deb/ubuntu/libssl3?distro=kinetic | < 3.0.5-2ubuntu2 |
pkg:deb/ubuntu/libssl3?distro=jammy | < 3.0.2-0ubuntu1.7 |
pkg:deb/ubuntu/libssl-doc?distro=kinetic | < 3.0.5-2ubuntu2 |
pkg:deb/ubuntu/libssl-doc?distro=jammy | < 3.0.2-0ubuntu1.7 |
pkg:deb/ubuntu/libssl-dev?distro=kinetic | < 3.0.5-2ubuntu2 |
pkg:deb/ubuntu/libssl-dev?distro=jammy | < 3.0.2-0ubuntu1.7 |
- ID: USN-5710-1
- Severity: high
- URL: https://ubuntu.com/security/notices/USN-5710-1
- Published: 2022-11-01T16:24:36
- Modified: 2022-11-01T16:24:36
- Other Advisories:
- ALPINE:CVE-2022-3358
- ALPINE:CVE-2022-3602
- ALPINE:CVE-2022-3786
- ALSA-2022:7288
- ALSA-2023:2523
- CISCO-SA-OPENSSL-W9SDCC2A
- ELSA-2022-10004
- ELSA-2022-7288
- ELSA-2022-9968
- ELSA-2023-2523
- FEDORA-2022-0f1d2e0537
- FEDORA-2022-502f096dce
- FREEBSD:0844671C-5A09-11ED-856E-D4C9EF517024
- FREEBSD:7392E1E3-4EB9-11ED-856E-D4C9EF517024
- GLSA-202211-01
- GLSA-202402-08
- GLSA-202405-29
- MS:CVE-2022-3602
- MS:CVE-2022-3786
- RHSA-2022:7288
- RHSA-2023:2523
- RLSA-2022:7288
- RUSTSEC-2022-0059
- RUSTSEC-2022-0064
- RUSTSEC-2022-0065
- SECADV-20220929-1
- SECADV-20221101-1
- SECADV-20221101-2
- SUSE-SU-2022:3843-1
- SUSE-SU-2022:4586-1
- VU:794340
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/openssl?distro=kinetic | ubuntu | openssl | < 3.0.5-2ubuntu2 | kinetic | | |
Affected | pkg:deb/ubuntu/openssl?distro=jammy | ubuntu | openssl | < 3.0.2-0ubuntu1.7 | jammy | | |
Affected | pkg:deb/ubuntu/libssl3?distro=kinetic | ubuntu | libssl3 | < 3.0.5-2ubuntu2 | kinetic | | |
Affected | pkg:deb/ubuntu/libssl3?distro=jammy | ubuntu | libssl3 | < 3.0.2-0ubuntu1.7 | jammy | | |
Affected | pkg:deb/ubuntu/libssl-doc?distro=kinetic | ubuntu | libssl-doc | < 3.0.5-2ubuntu2 | kinetic | | |
Affected | pkg:deb/ubuntu/libssl-doc?distro=jammy | ubuntu | libssl-doc | < 3.0.2-0ubuntu1.7 | jammy | | |
Affected | pkg:deb/ubuntu/libssl-dev?distro=kinetic | ubuntu | libssl-dev | < 3.0.5-2ubuntu2 | kinetic | | |
Affected | pkg:deb/ubuntu/libssl-dev?distro=jammy | ubuntu | libssl-dev | < 3.0.2-0ubuntu1.7 | jammy | | |