USN-4738-1

Source
https://ubuntu.com/security/notices/USN-4738-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4738-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4738-1
Related
Published
2021-02-18T12:22:41.226442Z
Modified
2021-02-18T12:22:41.226442Z
Summary
openssl, openssl1.0 vulnerabilities
Details

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23840)

Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841)

References

Affected packages

Ubuntu:16.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2g-1ubuntu4.19

Affected versions

1.*

1.0.2d-0ubuntu1
1.0.2d-0ubuntu2
1.0.2e-1ubuntu1
1.0.2f-2ubuntu1
1.0.2g-1ubuntu2
1.0.2g-1ubuntu3
1.0.2g-1ubuntu4
1.0.2g-1ubuntu4.1
1.0.2g-1ubuntu4.2
1.0.2g-1ubuntu4.4
1.0.2g-1ubuntu4.5
1.0.2g-1ubuntu4.6
1.0.2g-1ubuntu4.8
1.0.2g-1ubuntu4.9
1.0.2g-1ubuntu4.10
1.0.2g-1ubuntu4.11
1.0.2g-1ubuntu4.12
1.0.2g-1ubuntu4.13
1.0.2g-1ubuntu4.14
1.0.2g-1ubuntu4.15
1.0.2g-1ubuntu4.16
1.0.2g-1ubuntu4.17
1.0.2g-1ubuntu4.18

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "libcrypto1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "libcrypto1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "libssl-dev-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "libssl1.0.0"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "libssl1.0.0-dbg"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "libssl1.0.0-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "libssl1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "libssl1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.19",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-1ubuntu2.1~18.04.8

Affected versions

1.*

1.0.2g-1ubuntu13
1.0.2g-1ubuntu14
1.0.2n-1ubuntu1
1.1.0g-2ubuntu1
1.1.0g-2ubuntu2
1.1.0g-2ubuntu3
1.1.0g-2ubuntu4
1.1.0g-2ubuntu4.1
1.1.0g-2ubuntu4.3
1.1.1-1ubuntu2.1~18.04.1
1.1.1-1ubuntu2.1~18.04.2
1.1.1-1ubuntu2.1~18.04.3
1.1.1-1ubuntu2.1~18.04.4
1.1.1-1ubuntu2.1~18.04.5
1.1.1-1ubuntu2.1~18.04.6
1.1.1-1ubuntu2.1~18.04.7

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.8",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.8",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.8",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.8",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.8",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.8",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.8",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.8",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / openssl1.0

Package

Name
openssl1.0
Purl
pkg:deb/ubuntu/openssl1.0?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2n-1ubuntu5.6

Affected versions

1.*

1.0.2n-1ubuntu2
1.0.2n-1ubuntu3
1.0.2n-1ubuntu4
1.0.2n-1ubuntu5
1.0.2n-1ubuntu5.1
1.0.2n-1ubuntu5.2
1.0.2n-1ubuntu5.3
1.0.2n-1ubuntu5.4
1.0.2n-1ubuntu5.5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.0.2n-1ubuntu5.6",
            "binary_name": "libcrypto1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.6",
            "binary_name": "libssl1.0-dev"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.6",
            "binary_name": "libssl1.0.0"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.6",
            "binary_name": "libssl1.0.0-dbgsym"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.6",
            "binary_name": "libssl1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.6",
            "binary_name": "openssl1.0"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.6",
            "binary_name": "openssl1.0-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1f-1ubuntu2.2

Affected versions

1.*

1.1.1c-1ubuntu4
1.1.1d-2ubuntu3
1.1.1d-2ubuntu6
1.1.1f-1ubuntu1
1.1.1f-1ubuntu2
1.1.1f-1ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.1.1f-1ubuntu2.2",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.2",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.2",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.2",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.2",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.2",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.2",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.2",
            "binary_name": "openssl-dbgsym"
        }
    ]
}