UBUNTU-CVE-2022-2097

Source
https://ubuntu.com/security/CVE-2022-2097
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-2097.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-2097
Related
Published
2022-07-05T00:00:00Z
Modified
2024-10-15T14:09:42Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

References

Affected packages

Ubuntu:Pro:16.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0~20150106.*

0~20150106.5c2d456b-2

0~20160104.*

0~20160104.c2a892d7-1

0~20160408.*

0~20160408.ffea0a2c-2
0~20160408.ffea0a2c-2ubuntu0.1
0~20160408.ffea0a2c-2ubuntu0.2
0~20160408.ffea0a2c-2ubuntu0.2+esm1
0~20160408.ffea0a2c-2ubuntu0.2+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-1ubuntu2.1~18.04.20

Affected versions

1.*

1.0.2g-1ubuntu13
1.0.2g-1ubuntu14
1.0.2n-1ubuntu1
1.1.0g-2ubuntu1
1.1.0g-2ubuntu2
1.1.0g-2ubuntu3
1.1.0g-2ubuntu4
1.1.0g-2ubuntu4.1
1.1.0g-2ubuntu4.3
1.1.1-1ubuntu2.1~18.04.1
1.1.1-1ubuntu2.1~18.04.2
1.1.1-1ubuntu2.1~18.04.3
1.1.1-1ubuntu2.1~18.04.4
1.1.1-1ubuntu2.1~18.04.5
1.1.1-1ubuntu2.1~18.04.6
1.1.1-1ubuntu2.1~18.04.7
1.1.1-1ubuntu2.1~18.04.8
1.1.1-1ubuntu2.1~18.04.9
1.1.1-1ubuntu2.1~18.04.10
1.1.1-1ubuntu2.1~18.04.13
1.1.1-1ubuntu2.1~18.04.14
1.1.1-1ubuntu2.1~18.04.15
1.1.1-1ubuntu2.1~18.04.17
1.1.1-1ubuntu2.1~18.04.19

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.20",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.20",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.20",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.20",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.20",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.20",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.20",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.20",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS-updates:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips-updates/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-1ubuntu2.fips.2.1~18.04.20

Affected versions

1.*

1.1.1-1ubuntu2.fips.2.1~18.04.5.1
1.1.1-1ubuntu2.fips.2.1~18.04.6.1
1.1.1-1ubuntu2.fips.2.1~18.04.7.1
1.1.1-1ubuntu2.fips.2.1~18.04.9.1
1.1.1-1ubuntu2.fips.2.1~18.04.9.2
1.1.1-1ubuntu2.fips.2.1~18.04.9.3
1.1.1-1ubuntu2.fips.2.1~18.04.13.2
1.1.1-1ubuntu2.fips.2.1~18.04.15
1.1.1-1ubuntu2.fips.2.1~18.04.15.1
1.1.1-1ubuntu2.fips.2.1~18.04.15.2
1.1.1-1ubuntu2.fips.2.1~18.04.17

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.20",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.20",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.20",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.20",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.20",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.20",
            "binary_name": "libssl1.1-hmac"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.20",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.20",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.20",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1-1ubuntu2.fips.2.1~18.04.3.1
1.1.1-1ubuntu2.fips.2.1~18.04.15.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1f-1ubuntu2.16

Affected versions

1.*

1.1.1c-1ubuntu4
1.1.1d-2ubuntu3
1.1.1d-2ubuntu6
1.1.1f-1ubuntu1
1.1.1f-1ubuntu2
1.1.1f-1ubuntu2.1
1.1.1f-1ubuntu2.2
1.1.1f-1ubuntu2.3
1.1.1f-1ubuntu2.4
1.1.1f-1ubuntu2.5
1.1.1f-1ubuntu2.8
1.1.1f-1ubuntu2.9
1.1.1f-1ubuntu2.10
1.1.1f-1ubuntu2.11
1.1.1f-1ubuntu2.12
1.1.1f-1ubuntu2.13
1.1.1f-1ubuntu2.15

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.1f-1ubuntu2.16",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.16",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.16",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.16",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.16",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.16",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.16",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.16",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS-updates:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips-updates/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1f-1ubuntu2.fips.16

Affected versions

1.*

1.1.1f-1ubuntu2.fips.7
1.1.1f-1ubuntu2.fips.7.2
1.1.1f-1ubuntu2.fips.12
1.1.1f-1ubuntu2.fips.13
1.1.1f-1ubuntu2.fips.13.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.16",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.16",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.16",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.16",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.16",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.16",
            "binary_name": "libssl1.1-hmac"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.16",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.16",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.16",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1f-1ubuntu2.fips.2.8
1.1.1f-1ubuntu2.fips.7.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.22.9~dfsg-1ubuntu3.1

Affected versions

12.*

12.22.5~dfsg-5ubuntu1
12.22.7~dfsg-2ubuntu1
12.22.7~dfsg-2ubuntu3
12.22.9~dfsg-1ubuntu2
12.22.9~dfsg-1ubuntu3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "libnode-dev"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "libnode72"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "libnode72-dbgsym"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.1",
            "binary_name": "nodejs-doc"
        }
    ]
}

Ubuntu:22.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.2-0ubuntu1.6

Affected versions

1.*

1.1.1l-1ubuntu1

3.*

3.0.0-1ubuntu1
3.0.1-0ubuntu1
3.0.2-0ubuntu1
3.0.2-0ubuntu1.1
3.0.2-0ubuntu1.2
3.0.2-0ubuntu1.4
3.0.2-0ubuntu1.5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "3.0.2-0ubuntu1.6",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.6",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.6",
            "binary_name": "libssl3"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.6",
            "binary_name": "libssl3-dbgsym"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.6",
            "binary_name": "openssl"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.6",
            "binary_name": "openssl-dbgsym"
        }
    ]
}