group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #46733
[Bug 2054090] Re: Implicit rejection of PKCS#1 v1.5 RSA
This bug was fixed in the package openssl - 3.0.10-1ubuntu2.3
---------------
openssl (3.0.10-1ubuntu2.3) mantic-security; urgency=medium
* SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
- debian/patches/openssl-pkcs1-implicit-rejection.patch:
Return deterministic random output instead of an error in case
there is a padding error in crypto/cms/cms_env.c,
crypto/evp/ctrl_params_translate.c, crypto/pkcs7/pk7_doit.c,
crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c,
crypto/rsa/rsa_pmeth.c, doc/man1/openssl-pkeyutl.pod.in,
doc/man1/openssl-rsautl.pod.in, doc/man3/EVP_PKEY_CTX_ctrl.pod,
doc/man3/EVP_PKEY_decrypt.pod,
doc/man3/RSA_padding_add_PKCS1_type_1.pod,
doc/man3/RSA_public_encrypt.pod, doc/man7/provider-asym_cipher.pod,
include/crypto/rsa.h, include/openssl/core_names.h,
include/openssl/rsa.h,
providers/implementations/asymciphers/rsa_enc.c and
test/recipes/30-test_evp_data/evppkey_rsa_common.txt.
-- David Fernandez Gonzalez <david.fernandezgonzalez@xxxxxxxxxxxxx>
Wed, 21 Feb 2024 11:45:39 +0100
** Changed in: openssl (Ubuntu Mantic)
Status: New => Fix Released
** Changed in: openssl (Ubuntu Focal)
Status: New => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2054090
Title:
Implicit rejection of PKCS#1 v1.5 RSA
Status in openssl package in Ubuntu:
New
Status in openssl source package in Trusty:
New
Status in openssl source package in Xenial:
New
Status in openssl source package in Bionic:
New
Status in openssl source package in Focal:
Fix Released
Status in openssl source package in Jammy:
Fix Released
Status in openssl source package in Mantic:
Fix Released
Status in openssl source package in Noble:
New
Bug description:
OpenSSL 3.2.0 introduced a change on PKCS#1 v1.5 RSA to return random
output instead of an exception when detecting wrong padding
(https://github.com/openssl/openssl/pull/13817).
There are available backports already:
* 3.0 https://gitlab.com/redhat/centos-
stream/rpms/openssl/-/blob/c9s/0120-RSA-PKCS15-implicit-
rejection.patch?ref_type=heads
* 1.1.1 https://gitlab.com/redhat/centos-
stream/rpms/openssl/-/blob/c8s/openssl-1.1.1-pkcs1-implicit-
rejection.patch?ref_type=heads
This change is needed to fix CVE-2023-50782.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2054090/+subscriptions