UBUNTU-CVE-2023-0215

Source
https://ubuntu.com/security/CVE-2023-0215
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-0215.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-0215
Related
Published
2023-02-07T00:00:00Z
Modified
2024-11-20T12:19:14Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIOfasn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIOpop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64writeASN1() which may cause BIOnewNDEF() to be called and will subsequently call BIOpop() on the BIO. This internal function is in turn called by the public API functions PEMwritebioASN1stream, PEMwritebioCMSstream, PEMwritebioPKCS7stream, SMIMEwriteASN1, SMIMEwriteCMS and SMIMEwritePKCS7. Other public API functions that may be impacted by this include i2dASN1biostream, BIOnewCMS, BIOnewPKCS7, i2dCMSbiostream and i2dPKCS7bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

References

Affected packages

Ubuntu:Pro:14.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.1f-1ubuntu2.27+esm6

Affected versions

1.*

1.0.1e-3ubuntu1
1.0.1e-4ubuntu1
1.0.1e-4ubuntu2
1.0.1e-4ubuntu3
1.0.1e-4ubuntu4
1.0.1f-1ubuntu1
1.0.1f-1ubuntu2
1.0.1f-1ubuntu2.1
1.0.1f-1ubuntu2.2
1.0.1f-1ubuntu2.3
1.0.1f-1ubuntu2.4
1.0.1f-1ubuntu2.5
1.0.1f-1ubuntu2.7
1.0.1f-1ubuntu2.8
1.0.1f-1ubuntu2.11
1.0.1f-1ubuntu2.12
1.0.1f-1ubuntu2.15
1.0.1f-1ubuntu2.16
1.0.1f-1ubuntu2.17
1.0.1f-1ubuntu2.18
1.0.1f-1ubuntu2.19
1.0.1f-1ubuntu2.20
1.0.1f-1ubuntu2.21
1.0.1f-1ubuntu2.22
1.0.1f-1ubuntu2.23
1.0.1f-1ubuntu2.24
1.0.1f-1ubuntu2.25
1.0.1f-1ubuntu2.26
1.0.1f-1ubuntu2.27
1.0.1f-1ubuntu2.27+esm1
1.0.1f-1ubuntu2.27+esm2
1.0.1f-1ubuntu2.27+esm3
1.0.1f-1ubuntu2.27+esm4
1.0.1f-1ubuntu2.27+esm5

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "libcrypto1.0.0-udeb"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "libcrypto1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "libssl-dev-dbgsym"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "libssl1.0.0"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "libssl1.0.0-dbg"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "libssl1.0.0-dbgsym"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "libssl1.0.0-udeb"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "libssl1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm6",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2g-1ubuntu4.20+esm6

Affected versions

1.*

1.0.2d-0ubuntu1
1.0.2d-0ubuntu2
1.0.2e-1ubuntu1
1.0.2f-2ubuntu1
1.0.2g-1ubuntu2
1.0.2g-1ubuntu3
1.0.2g-1ubuntu4
1.0.2g-1ubuntu4.1
1.0.2g-1ubuntu4.2
1.0.2g-1ubuntu4.4
1.0.2g-1ubuntu4.5
1.0.2g-1ubuntu4.6
1.0.2g-1ubuntu4.8
1.0.2g-1ubuntu4.9
1.0.2g-1ubuntu4.10
1.0.2g-1ubuntu4.11
1.0.2g-1ubuntu4.12
1.0.2g-1ubuntu4.13
1.0.2g-1ubuntu4.14
1.0.2g-1ubuntu4.15
1.0.2g-1ubuntu4.16
1.0.2g-1ubuntu4.17
1.0.2g-1ubuntu4.18
1.0.2g-1ubuntu4.19
1.0.2g-1ubuntu4.20
1.0.2g-1ubuntu4.20+esm1
1.0.2g-1ubuntu4.20+esm2
1.0.2g-1ubuntu4.20+esm3
1.0.2g-1ubuntu4.20+esm4
1.0.2g-1ubuntu4.20+esm5

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "libcrypto1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "libcrypto1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "libssl-dev-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "libssl1.0.0"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "libssl1.0.0-dbg"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "libssl1.0.0-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "libssl1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "libssl1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm6",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0~20150106.*

0~20150106.5c2d456b-2

0~20160104.*

0~20160104.c2a892d7-1

0~20160408.*

0~20160408.ffea0a2c-2
0~20160408.ffea0a2c-2ubuntu0.1
0~20160408.ffea0a2c-2ubuntu0.2
0~20160408.ffea0a2c-2ubuntu0.2+esm1
0~20160408.ffea0a2c-2ubuntu0.2+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:FIPS:16.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips-updates/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2g-1ubuntu4.fips.4.20.6

Affected versions

1.*

1.0.2g-1ubuntu4.fips.4.9.1
1.0.2g-1ubuntu4.fips.4.13.1
1.0.2g-1ubuntu4.fips.4.15.1
1.0.2g-1ubuntu4.fips.4.16.1
1.0.2g-1ubuntu4.fips.4.17.1
1.0.2g-1ubuntu4.fips.4.18.1
1.0.2g-1ubuntu4.fips.4.19.3
1.0.2g-1ubuntu4.fips.4.20.1
1.0.2g-1ubuntu4.fips.4.20.2
1.0.2g-1ubuntu4.fips.4.20.3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libcrypto1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libcrypto1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libssl-dev-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libssl1.0.0"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libssl1.0.0-dbg"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libssl1.0.0-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libssl1.0.0-hmac"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libssl1.0.0-hmac-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libssl1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "libssl1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.6",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS:16.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.2g-1ubuntu4.fips.4.6~ppa1
1.0.2g-1ubuntu4.fips.4.6~ppa2
1.0.2g-1ubuntu4.fips.4.6~ppa3
1.0.2g-1ubuntu4.fips.4.6
1.0.2g-1ubuntu4.fips.4.6.1
1.0.2g-1ubuntu4.fips.4.6.2
1.0.2g-1ubuntu4.fips.4.6.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-1ubuntu2.1~18.04.21

Affected versions

1.*

1.0.2g-1ubuntu13
1.0.2g-1ubuntu14
1.0.2n-1ubuntu1
1.1.0g-2ubuntu1
1.1.0g-2ubuntu2
1.1.0g-2ubuntu3
1.1.0g-2ubuntu4
1.1.0g-2ubuntu4.1
1.1.0g-2ubuntu4.3
1.1.1-1ubuntu2.1~18.04.1
1.1.1-1ubuntu2.1~18.04.2
1.1.1-1ubuntu2.1~18.04.3
1.1.1-1ubuntu2.1~18.04.4
1.1.1-1ubuntu2.1~18.04.5
1.1.1-1ubuntu2.1~18.04.6
1.1.1-1ubuntu2.1~18.04.7
1.1.1-1ubuntu2.1~18.04.8
1.1.1-1ubuntu2.1~18.04.9
1.1.1-1ubuntu2.1~18.04.10
1.1.1-1ubuntu2.1~18.04.13
1.1.1-1ubuntu2.1~18.04.14
1.1.1-1ubuntu2.1~18.04.15
1.1.1-1ubuntu2.1~18.04.17
1.1.1-1ubuntu2.1~18.04.19
1.1.1-1ubuntu2.1~18.04.20

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.21",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.21",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.21",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.21",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.21",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.21",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.21",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.21",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / openssl1.0

Package

Name
openssl1.0
Purl
pkg:deb/ubuntu/openssl1.0?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2n-1ubuntu5.11

Affected versions

1.*

1.0.2n-1ubuntu2
1.0.2n-1ubuntu3
1.0.2n-1ubuntu4
1.0.2n-1ubuntu5
1.0.2n-1ubuntu5.1
1.0.2n-1ubuntu5.2
1.0.2n-1ubuntu5.3
1.0.2n-1ubuntu5.4
1.0.2n-1ubuntu5.5
1.0.2n-1ubuntu5.6
1.0.2n-1ubuntu5.7
1.0.2n-1ubuntu5.8
1.0.2n-1ubuntu5.9
1.0.2n-1ubuntu5.10

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.0.2n-1ubuntu5.11",
            "binary_name": "libcrypto1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.11",
            "binary_name": "libssl1.0-dev"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.11",
            "binary_name": "libssl1.0.0"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.11",
            "binary_name": "libssl1.0.0-dbgsym"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.11",
            "binary_name": "libssl1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.11",
            "binary_name": "openssl1.0"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.11",
            "binary_name": "openssl1.0-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0~20170911.*

0~20170911.5dfba97c-1

0~20171010.*

0~20171010.234dbcef-1

0~20171027.*

0~20171027.76fd5a66-1

0~20171205.*

0~20171205.a9212288-1

0~20180105.*

0~20180105.0bc94c74-1

0~20180205.*

0~20180205.c0d9813c-1
0~20180205.c0d9813c-2
0~20180205.c0d9813c-2ubuntu0.1
0~20180205.c0d9813c-2ubuntu0.2
0~20180205.c0d9813c-2ubuntu0.3
0~20180205.c0d9813c-2ubuntu0.3+esm1
0~20180205.c0d9813c-2ubuntu0.3+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:FIPS-updates:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips-updates/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-1ubuntu2.fips.2.1~18.04.21

Affected versions

1.*

1.1.1-1ubuntu2.fips.2.1~18.04.5.1
1.1.1-1ubuntu2.fips.2.1~18.04.6.1
1.1.1-1ubuntu2.fips.2.1~18.04.7.1
1.1.1-1ubuntu2.fips.2.1~18.04.9.1
1.1.1-1ubuntu2.fips.2.1~18.04.9.2
1.1.1-1ubuntu2.fips.2.1~18.04.9.3
1.1.1-1ubuntu2.fips.2.1~18.04.13.2
1.1.1-1ubuntu2.fips.2.1~18.04.15
1.1.1-1ubuntu2.fips.2.1~18.04.15.1
1.1.1-1ubuntu2.fips.2.1~18.04.15.2
1.1.1-1ubuntu2.fips.2.1~18.04.17
1.1.1-1ubuntu2.fips.2.1~18.04.20

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.21",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.21",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.21",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.21",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.21",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.21",
            "binary_name": "libssl1.1-hmac"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.21",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.21",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.21",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1-1ubuntu2.fips.2.1~18.04.3.1
1.1.1-1ubuntu2.fips.2.1~18.04.15.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0~20190606.*

0~20190606.20d2e5a1-2ubuntu1

0~20190828.*

0~20190828.37eef910-3
0~20190828.37eef910-4

0~20191122.*

0~20191122.bd85bf54-1
0~20191122.bd85bf54-1ubuntu1
0~20191122.bd85bf54-2
0~20191122.bd85bf54-2ubuntu1
0~20191122.bd85bf54-2ubuntu2
0~20191122.bd85bf54-2ubuntu3
0~20191122.bd85bf54-2ubuntu3.1
0~20191122.bd85bf54-2ubuntu3.2
0~20191122.bd85bf54-2ubuntu3.3
0~20191122.bd85bf54-2ubuntu3.4
0~20191122.bd85bf54-2ubuntu3.5
0~20191122.bd85bf54-2ubuntu3.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1f-1ubuntu2.17

Affected versions

1.*

1.1.1c-1ubuntu4
1.1.1d-2ubuntu3
1.1.1d-2ubuntu6
1.1.1f-1ubuntu1
1.1.1f-1ubuntu2
1.1.1f-1ubuntu2.1
1.1.1f-1ubuntu2.2
1.1.1f-1ubuntu2.3
1.1.1f-1ubuntu2.4
1.1.1f-1ubuntu2.5
1.1.1f-1ubuntu2.8
1.1.1f-1ubuntu2.9
1.1.1f-1ubuntu2.10
1.1.1f-1ubuntu2.11
1.1.1f-1ubuntu2.12
1.1.1f-1ubuntu2.13
1.1.1f-1ubuntu2.15
1.1.1f-1ubuntu2.16

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.1f-1ubuntu2.17",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.17",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.17",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.17",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.17",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.17",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.17",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.17",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS-updates:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips-updates/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1f-1ubuntu2.fips.17

Affected versions

1.*

1.1.1f-1ubuntu2.fips.7
1.1.1f-1ubuntu2.fips.7.2
1.1.1f-1ubuntu2.fips.12
1.1.1f-1ubuntu2.fips.13
1.1.1f-1ubuntu2.fips.13.1
1.1.1f-1ubuntu2.fips.16

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.17",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.17",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.17",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.17",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.17",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.17",
            "binary_name": "libssl1.1-hmac"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.17",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.17",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.17",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1f-1ubuntu2.fips.2.8
1.1.1f-1ubuntu2.fips.7.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2021.*

2021.08~rc0-2
2021.08-3
2021.11~rc1-1
2021.11-1
2021.11-2

2022.*

2022.02~rc1-1
2022.02~rc1-1ubuntu1
2022.02-1
2022.02-2
2022.02-3
2022.02-3ubuntu0.22.04.1
2022.02-3ubuntu0.22.04.2
2022.02-3ubuntu0.22.04.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.22.9~dfsg-1ubuntu3.3

Affected versions

12.*

12.22.5~dfsg-5ubuntu1
12.22.7~dfsg-2ubuntu1
12.22.7~dfsg-2ubuntu3
12.22.9~dfsg-1ubuntu2
12.22.9~dfsg-1ubuntu3
12.22.9~dfsg-1ubuntu3.1
12.22.9~dfsg-1ubuntu3.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.3",
            "binary_name": "libnode-dev"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.3",
            "binary_name": "libnode72"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.3",
            "binary_name": "libnode72-dbgsym"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.3",
            "binary_name": "nodejs"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.3",
            "binary_name": "nodejs-dbgsym"
        },
        {
            "binary_version": "12.22.9~dfsg-1ubuntu3.3",
            "binary_name": "nodejs-doc"
        }
    ]
}

Ubuntu:22.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.2-0ubuntu1.8

Affected versions

1.*

1.1.1l-1ubuntu1

3.*

3.0.0-1ubuntu1
3.0.1-0ubuntu1
3.0.2-0ubuntu1
3.0.2-0ubuntu1.1
3.0.2-0ubuntu1.2
3.0.2-0ubuntu1.4
3.0.2-0ubuntu1.5
3.0.2-0ubuntu1.6
3.0.2-0ubuntu1.7

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "3.0.2-0ubuntu1.8",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.8",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.8",
            "binary_name": "libssl3"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.8",
            "binary_name": "libssl3-dbgsym"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.8",
            "binary_name": "openssl"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.8",
            "binary_name": "openssl-dbgsym"
        }
    ]
}