UBUNTU-CVE-2021-3449

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2021-3449

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-3449.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-3449

Related

Published

2021-03-25T00:00:00Z

Modified

2021-03-25T00:00:00Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension (where it was present in the initial ClientHello), but includes a signaturealgorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

References

Affected packages

Ubuntu:Pro:14.04:LTS / postgresql-9.3

Package

Name: postgresql-9.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.3.1-1

9.3.2-1

9.3.2-1ubuntu1

9.3.2-1ubuntu2

9.3.3-1

9.3.3-1bzr1

9.3.3-1bzr2

9.3.4-1

9.3.5-0ubuntu0.14.04.1

9.3.6-0ubuntu0.14.04

9.3.7-0ubuntu0.14.04

9.3.8-0ubuntu0.4.04

9.3.9-0ubuntu0.14.04

9.3.10-0ubuntu0.14.04

9.3.11-0ubuntu0.14.04

9.3.12-0ubuntu0.14.04

9.3.13-0ubuntu0.14.04

9.3.14-0ubuntu0.14.04

9.3.15-0ubuntu0.14.04

9.3.16-0ubuntu0.14.04

9.3.17-0ubuntu0.14.04

9.3.18-0ubuntu0.14.04.1

9.3.19-0ubuntu0.14.04

9.3.20-0ubuntu0.14.04

9.3.21-0ubuntu0.14.04

9.3.22-0ubuntu0.14.04

9.3.23-0ubuntu0.14.04

9.3.24-0ubuntu0.14.04

Ecosystem specific

{
    "ubuntu_priority": "high"
}

Ubuntu:16.04:LTS / openssl

Package

Name: openssl
Purl: pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.19?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1ubuntu4.19

Affected versions

1.*

1.0.2d-0ubuntu1

1.0.2d-0ubuntu2

1.0.2e-1ubuntu1

1.0.2f-2ubuntu1

1.0.2g-1ubuntu2

1.0.2g-1ubuntu3

1.0.2g-1ubuntu4

1.0.2g-1ubuntu4.1

1.0.2g-1ubuntu4.2

1.0.2g-1ubuntu4.4

1.0.2g-1ubuntu4.5

1.0.2g-1ubuntu4.6

1.0.2g-1ubuntu4.8

1.0.2g-1ubuntu4.9

1.0.2g-1ubuntu4.10

1.0.2g-1ubuntu4.11

1.0.2g-1ubuntu4.12

1.0.2g-1ubuntu4.13

1.0.2g-1ubuntu4.14

1.0.2g-1ubuntu4.15

1.0.2g-1ubuntu4.16

1.0.2g-1ubuntu4.17

1.0.2g-1ubuntu4.18

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "libssl1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.19",
            "libssl-dev": "1.0.2g-1ubuntu4.19",
            "libssl1.0.0": "1.0.2g-1ubuntu4.19",
            "libssl-doc": "1.0.2g-1ubuntu4.19",
            "libcrypto1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.19",
            "libssl1.0.0-dbg": "1.0.2g-1ubuntu4.19",
            "libssl-dev-dbgsym": "1.0.2g-1ubuntu4.19",
            "openssl": "1.0.2g-1ubuntu4.19",
            "openssl-dbgsym": "1.0.2g-1ubuntu4.19",
            "libssl1.0.0-udeb": "1.0.2g-1ubuntu4.19",
            "libssl1.0.0-dbgsym": "1.0.2g-1ubuntu4.19",
            "libcrypto1.0.0-udeb": "1.0.2g-1ubuntu4.19"
        }
    ]
}

Ubuntu:18.04:LTS / openssl

Package

Name: openssl
Purl: pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.1~18.04.9?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1-1ubuntu2.1~18.04.9

Affected versions

1.*

1.0.2g-1ubuntu13

1.0.2g-1ubuntu14

1.0.2n-1ubuntu1

1.1.0g-2ubuntu1

1.1.0g-2ubuntu2

1.1.0g-2ubuntu3

1.1.0g-2ubuntu4

1.1.0g-2ubuntu4.1

1.1.0g-2ubuntu4.3

1.1.1-1ubuntu2.1~18.04.1

1.1.1-1ubuntu2.1~18.04.2

1.1.1-1ubuntu2.1~18.04.3

1.1.1-1ubuntu2.1~18.04.4

1.1.1-1ubuntu2.1~18.04.5

1.1.1-1ubuntu2.1~18.04.6

1.1.1-1ubuntu2.1~18.04.7

1.1.1-1ubuntu2.1~18.04.8

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "libssl-doc": "1.1.1-1ubuntu2.1~18.04.9",
            "libssl-dev": "1.1.1-1ubuntu2.1~18.04.9",
            "libssl1.1-dbgsym": "1.1.1-1ubuntu2.1~18.04.9",
            "libssl1.1-udeb": "1.1.1-1ubuntu2.1~18.04.9",
            "libssl1.1": "1.1.1-1ubuntu2.1~18.04.9",
            "openssl-dbgsym": "1.1.1-1ubuntu2.1~18.04.9",
            "libcrypto1.1-udeb": "1.1.1-1ubuntu2.1~18.04.9",
            "openssl": "1.1.1-1ubuntu2.1~18.04.9"
        }
    ]
}

Ubuntu:18.04:LTS / openssl1.0

Package

Name: openssl1.0
Purl: pkg:deb/ubuntu/openssl1.0@1.0.2n-1ubuntu5.6?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2n-1ubuntu5.6

Affected versions

1.*

1.0.2n-1ubuntu2

1.0.2n-1ubuntu3

1.0.2n-1ubuntu4

1.0.2n-1ubuntu5

1.0.2n-1ubuntu5.1

1.0.2n-1ubuntu5.2

1.0.2n-1ubuntu5.3

1.0.2n-1ubuntu5.4

1.0.2n-1ubuntu5.5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "libssl1.0.0-dbgsym": "1.0.2n-1ubuntu5.6",
            "libssl1.0-dev": "1.0.2n-1ubuntu5.6",
            "openssl1.0": "1.0.2n-1ubuntu5.6",
            "openssl1.0-dbgsym": "1.0.2n-1ubuntu5.6",
            "libssl1.0.0-udeb": "1.0.2n-1ubuntu5.6",
            "libssl1.0.0": "1.0.2n-1ubuntu5.6",
            "libcrypto1.0.0-udeb": "1.0.2n-1ubuntu5.6"
        }
    ]
}

Ubuntu:18.04:LTS / postgresql-10

Package

Name: postgresql-10
Purl: pkg:deb/ubuntu/postgresql-10@10.18-0ubuntu0.18.04.1?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.18-0ubuntu0.18.04.1

Affected versions

10.*

10.1-1

10.1-2

10.2-1

10.3-1

10.4-0ubuntu0.18.04

10.5-0ubuntu0.18.04

10.6-0ubuntu0.18.04.1

10.7-0ubuntu0.18.04.1

10.8-0ubuntu0.18.04.1

10.9-0ubuntu0.18.04.1

10.10-0ubuntu0.18.04.1

10.12-0ubuntu0.18.04.1

10.14-0ubuntu0.18.04.1

10.15-0ubuntu0.18.04.1

10.16-0ubuntu0.18.04.1

10.17-0ubuntu0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "libpgtypes3-dbgsym": "10.18-0ubuntu0.18.04.1",
            "libecpg6": "10.18-0ubuntu0.18.04.1",
            "postgresql-client-10-dbgsym": "10.18-0ubuntu0.18.04.1",
            "postgresql-plpython3-10-dbgsym": "10.18-0ubuntu0.18.04.1",
            "postgresql-plperl-10-dbgsym": "10.18-0ubuntu0.18.04.1",
            "postgresql-server-dev-10-dbgsym": "10.18-0ubuntu0.18.04.1",
            "postgresql-pltcl-10-dbgsym": "10.18-0ubuntu0.18.04.1",
            "libecpg-dev": "10.18-0ubuntu0.18.04.1",
            "postgresql-plperl-10": "10.18-0ubuntu0.18.04.1",
            "libpq5": "10.18-0ubuntu0.18.04.1",
            "libpq5-dbgsym": "10.18-0ubuntu0.18.04.1",
            "postgresql-client-10": "10.18-0ubuntu0.18.04.1",
            "libpgtypes3": "10.18-0ubuntu0.18.04.1",
            "libpq-dev": "10.18-0ubuntu0.18.04.1",
            "libecpg-dev-dbgsym": "10.18-0ubuntu0.18.04.1",
            "postgresql-doc-10": "10.18-0ubuntu0.18.04.1",
            "postgresql-plpython-10": "10.18-0ubuntu0.18.04.1",
            "postgresql-10": "10.18-0ubuntu0.18.04.1",
            "postgresql-10-dbgsym": "10.18-0ubuntu0.18.04.1",
            "postgresql-plpython-10-dbgsym": "10.18-0ubuntu0.18.04.1",
            "libecpg-compat3": "10.18-0ubuntu0.18.04.1",
            "postgresql-server-dev-10": "10.18-0ubuntu0.18.04.1",
            "postgresql-pltcl-10": "10.18-0ubuntu0.18.04.1",
            "postgresql-plpython3-10": "10.18-0ubuntu0.18.04.1",
            "libecpg-compat3-dbgsym": "10.18-0ubuntu0.18.04.1",
            "libecpg6-dbgsym": "10.18-0ubuntu0.18.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / openssl

Package

Name: openssl
Purl: pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.3?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1f-1ubuntu2.3

Affected versions

1.*

1.1.1c-1ubuntu4

1.1.1d-2ubuntu3

1.1.1d-2ubuntu6

1.1.1f-1ubuntu1

1.1.1f-1ubuntu2

1.1.1f-1ubuntu2.1

1.1.1f-1ubuntu2.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "libssl-doc": "1.1.1f-1ubuntu2.3",
            "libssl-dev": "1.1.1f-1ubuntu2.3",
            "libssl1.1-dbgsym": "1.1.1f-1ubuntu2.3",
            "libssl1.1-udeb": "1.1.1f-1ubuntu2.3",
            "libssl1.1": "1.1.1f-1ubuntu2.3",
            "openssl-dbgsym": "1.1.1f-1ubuntu2.3",
            "libcrypto1.1-udeb": "1.1.1f-1ubuntu2.3",
            "openssl": "1.1.1f-1ubuntu2.3"
        }
    ]
}

Ubuntu:20.04:LTS / postgresql-12

Package

Name: postgresql-12
Purl: pkg:deb/ubuntu/postgresql-12@12.8-0ubuntu0.20.04.1?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.8-0ubuntu0.20.04.1

Affected versions

12.*

12.0-1

12.1-1

12.1-2build1

12.2-1

12.2-1ubuntu2

12.2-4

12.4-0ubuntu0.20.04.1

12.5-0ubuntu0.20.04.1

12.6-0ubuntu0.20.04.1

12.7-0ubuntu0.20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "postgresql-12-dbgsym": "12.8-0ubuntu0.20.04.1",
            "libecpg6": "12.8-0ubuntu0.20.04.1",
            "postgresql-doc-12": "12.8-0ubuntu0.20.04.1",
            "libecpg-dev": "12.8-0ubuntu0.20.04.1",
            "postgresql-client-12-dbgsym": "12.8-0ubuntu0.20.04.1",
            "postgresql-client-12": "12.8-0ubuntu0.20.04.1",
            "libpq5": "12.8-0ubuntu0.20.04.1",
            "libpq5-dbgsym": "12.8-0ubuntu0.20.04.1",
            "postgresql-server-dev-12": "12.8-0ubuntu0.20.04.1",
            "postgresql-pltcl-12-dbgsym": "12.8-0ubuntu0.20.04.1",
            "libpq-dev": "12.8-0ubuntu0.20.04.1",
            "libpgtypes3": "12.8-0ubuntu0.20.04.1",
            "libecpg-dev-dbgsym": "12.8-0ubuntu0.20.04.1",
            "postgresql-plpython3-12": "12.8-0ubuntu0.20.04.1",
            "postgresql-plpython3-12-dbgsym": "12.8-0ubuntu0.20.04.1",
            "postgresql-pltcl-12": "12.8-0ubuntu0.20.04.1",
            "libpgtypes3-dbgsym": "12.8-0ubuntu0.20.04.1",
            "libecpg-compat3": "12.8-0ubuntu0.20.04.1",
            "postgresql-plperl-12": "12.8-0ubuntu0.20.04.1",
            "postgresql-12": "12.8-0ubuntu0.20.04.1",
            "postgresql-plperl-12-dbgsym": "12.8-0ubuntu0.20.04.1",
            "libecpg-compat3-dbgsym": "12.8-0ubuntu0.20.04.1",
            "libecpg6-dbgsym": "12.8-0ubuntu0.20.04.1"
        }
    ]
}

Ubuntu:22.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22.9~dfsg-1ubuntu3

Affected versions

12.*

12.22.5~dfsg-5ubuntu1

12.22.7~dfsg-2ubuntu1

12.22.7~dfsg-2ubuntu3

12.22.9~dfsg-1ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "high",
    "binaries": [
        {
            "nodejs-doc": "12.22.9~dfsg-1ubuntu3",
            "libnode72": "12.22.9~dfsg-1ubuntu3",
            "nodejs": "12.22.9~dfsg-1ubuntu3",
            "libnode-dev": "12.22.9~dfsg-1ubuntu3",
            "libnode72-dbgsym": "12.22.9~dfsg-1ubuntu3",
            "nodejs-dbgsym": "12.22.9~dfsg-1ubuntu3"
        }
    ]
}