group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: David Fernandez Gonzalez <2054090@xxxxxxxxxxxxxxxxxx>
Date: Fri, 16 Feb 2024 15:28:38 -0000
Reply-to: Bug 2054090 <2054090@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Changed in: openssl (Ubuntu)
     Assignee: (unassigned) => David Fernandez Gonzalez (litios)

** Also affects: openssl (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Noble)
   Importance: Undecided
     Assignee: David Fernandez Gonzalez (litios)
       Status: New

** Also affects: openssl (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Mantic)
   Importance: Undecided
       Status: New

** Also affects: openssl (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Changed in: openssl (Ubuntu Noble)
     Assignee: David Fernandez Gonzalez (litios) => (unassigned)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2054090

Title:
  Implicit rejection of PKCS#1 v1.5 RSA

Status in openssl package in Ubuntu:
  New
Status in openssl source package in Trusty:
  New
Status in openssl source package in Xenial:
  New
Status in openssl source package in Bionic:
  New
Status in openssl source package in Focal:
  New
Status in openssl source package in Jammy:
  New
Status in openssl source package in Mantic:
  New
Status in openssl source package in Noble:
  New

Bug description:
  OpenSSL 3.2.0 introduced a change on PKCS#1 v1.5 RSA to return random
  output instead of an exception when detecting wrong padding
  (https://github.com/openssl/openssl/pull/13817).

  There are available backports already:

  * 3.0 https://gitlab.com/redhat/centos-
  stream/rpms/openssl/-/blob/c9s/0120-RSA-PKCS15-implicit-
  rejection.patch?ref_type=heads

  * 1.1.1 https://gitlab.com/redhat/centos-
  stream/rpms/openssl/-/blob/c8s/openssl-1.1.1-pkcs1-implicit-
  rejection.patch?ref_type=heads

  
  This change is needed to fix CVE-2023-50782.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2054090/+subscriptions