UBUNTU-CVE-2022-2097

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2022-2097

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-2097.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-2097

Related

Published

2022-07-05T00:00:00Z

Modified

2022-07-05T00:00:00Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

References

Affected packages

Ubuntu:Pro:16.04:LTS / edk2

Package

Name: edk2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0~20150106.*

0~20150106.5c2d456b-2

0~20160104.*

0~20160104.c2a892d7-1

0~20160408.*

0~20160408.ffea0a2c-2

0~20160408.ffea0a2c-2ubuntu0.1

0~20160408.ffea0a2c-2ubuntu0.2

0~20160408.ffea0a2c-2ubuntu0.2+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / openssl

Package

Name: openssl
Purl: pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.1~18.04.20?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1-1ubuntu2.1~18.04.20

Affected versions

1.*

1.0.2g-1ubuntu13

1.0.2g-1ubuntu14

1.0.2n-1ubuntu1

1.1.0g-2ubuntu1

1.1.0g-2ubuntu2

1.1.0g-2ubuntu3

1.1.0g-2ubuntu4

1.1.0g-2ubuntu4.1

1.1.0g-2ubuntu4.3

1.1.1-1ubuntu2.1~18.04.1

1.1.1-1ubuntu2.1~18.04.2

1.1.1-1ubuntu2.1~18.04.3

1.1.1-1ubuntu2.1~18.04.4

1.1.1-1ubuntu2.1~18.04.5

1.1.1-1ubuntu2.1~18.04.6

1.1.1-1ubuntu2.1~18.04.7

1.1.1-1ubuntu2.1~18.04.8

1.1.1-1ubuntu2.1~18.04.9

1.1.1-1ubuntu2.1~18.04.10

1.1.1-1ubuntu2.1~18.04.13

1.1.1-1ubuntu2.1~18.04.14

1.1.1-1ubuntu2.1~18.04.15

1.1.1-1ubuntu2.1~18.04.17

1.1.1-1ubuntu2.1~18.04.19

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libssl-doc": "1.1.1-1ubuntu2.1~18.04.20",
            "libssl-dev": "1.1.1-1ubuntu2.1~18.04.20",
            "libssl1.1-dbgsym": "1.1.1-1ubuntu2.1~18.04.20",
            "libssl1.1-udeb": "1.1.1-1ubuntu2.1~18.04.20",
            "libssl1.1": "1.1.1-1ubuntu2.1~18.04.20",
            "openssl-dbgsym": "1.1.1-1ubuntu2.1~18.04.20",
            "libcrypto1.1-udeb": "1.1.1-1ubuntu2.1~18.04.20",
            "openssl": "1.1.1-1ubuntu2.1~18.04.20"
        }
    ]
}

Ubuntu:20.04:LTS / openssl

Package

Name: openssl
Purl: pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.16?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1f-1ubuntu2.16

Affected versions

1.*

1.1.1c-1ubuntu4

1.1.1d-2ubuntu3

1.1.1d-2ubuntu6

1.1.1f-1ubuntu1

1.1.1f-1ubuntu2

1.1.1f-1ubuntu2.1

1.1.1f-1ubuntu2.2

1.1.1f-1ubuntu2.3

1.1.1f-1ubuntu2.4

1.1.1f-1ubuntu2.5

1.1.1f-1ubuntu2.8

1.1.1f-1ubuntu2.9

1.1.1f-1ubuntu2.10

1.1.1f-1ubuntu2.11

1.1.1f-1ubuntu2.12

1.1.1f-1ubuntu2.13

1.1.1f-1ubuntu2.15

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libssl-doc": "1.1.1f-1ubuntu2.16",
            "libssl-dev": "1.1.1f-1ubuntu2.16",
            "libssl1.1-dbgsym": "1.1.1f-1ubuntu2.16",
            "libssl1.1-udeb": "1.1.1f-1ubuntu2.16",
            "libssl1.1": "1.1.1f-1ubuntu2.16",
            "openssl-dbgsym": "1.1.1f-1ubuntu2.16",
            "libcrypto1.1-udeb": "1.1.1f-1ubuntu2.16",
            "openssl": "1.1.1f-1ubuntu2.16"
        }
    ]
}

Ubuntu:22.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.1?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22.9~dfsg-1ubuntu3.1

Affected versions

12.*

12.22.5~dfsg-5ubuntu1

12.22.7~dfsg-2ubuntu1

12.22.7~dfsg-2ubuntu3

12.22.9~dfsg-1ubuntu2

12.22.9~dfsg-1ubuntu3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "nodejs-doc": "12.22.9~dfsg-1ubuntu3.1",
            "libnode72": "12.22.9~dfsg-1ubuntu3.1",
            "nodejs": "12.22.9~dfsg-1ubuntu3.1",
            "libnode-dev": "12.22.9~dfsg-1ubuntu3.1",
            "libnode72-dbgsym": "12.22.9~dfsg-1ubuntu3.1",
            "nodejs-dbgsym": "12.22.9~dfsg-1ubuntu3.1"
        }
    ]
}

Ubuntu:22.04:LTS / openssl

Package

Name: openssl
Purl: pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.6?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.2-0ubuntu1.6

Affected versions

1.*

1.1.1l-1ubuntu1

3.*

3.0.0-1ubuntu1

3.0.1-0ubuntu1

3.0.2-0ubuntu1

3.0.2-0ubuntu1.1

3.0.2-0ubuntu1.2

3.0.2-0ubuntu1.4

3.0.2-0ubuntu1.5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libssl3": "3.0.2-0ubuntu1.6",
            "libssl-dev": "3.0.2-0ubuntu1.6",
            "openssl-dbgsym": "3.0.2-0ubuntu1.6",
            "openssl": "3.0.2-0ubuntu1.6",
            "libssl-doc": "3.0.2-0ubuntu1.6",
            "libssl3-dbgsym": "3.0.2-0ubuntu1.6"
        }
    ]
}