UBUNTU-CVE-2023-0466

Source
https://ubuntu.com/security/CVE-2023-0466
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-0466.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-0466
Related
Published
2023-03-28T15:15:00Z
Modified
2024-11-20T12:26:22Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

The function X509VERIFYPARAMadd0policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509VERIFYPARAMadd0policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509VERIFYPARAMset1policies() or explicitly enable the policy check by calling X509VERIFYPARAMsetflags() with the X509VFLAGPOLICYCHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.

References

Affected packages

Ubuntu:Pro:14.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.1f-1ubuntu2.27+esm7

Affected versions

1.*

1.0.1e-3ubuntu1
1.0.1e-4ubuntu1
1.0.1e-4ubuntu2
1.0.1e-4ubuntu3
1.0.1e-4ubuntu4
1.0.1f-1ubuntu1
1.0.1f-1ubuntu2
1.0.1f-1ubuntu2.1
1.0.1f-1ubuntu2.2
1.0.1f-1ubuntu2.3
1.0.1f-1ubuntu2.4
1.0.1f-1ubuntu2.5
1.0.1f-1ubuntu2.7
1.0.1f-1ubuntu2.8
1.0.1f-1ubuntu2.11
1.0.1f-1ubuntu2.12
1.0.1f-1ubuntu2.15
1.0.1f-1ubuntu2.16
1.0.1f-1ubuntu2.17
1.0.1f-1ubuntu2.18
1.0.1f-1ubuntu2.19
1.0.1f-1ubuntu2.20
1.0.1f-1ubuntu2.21
1.0.1f-1ubuntu2.22
1.0.1f-1ubuntu2.23
1.0.1f-1ubuntu2.24
1.0.1f-1ubuntu2.25
1.0.1f-1ubuntu2.26
1.0.1f-1ubuntu2.27
1.0.1f-1ubuntu2.27+esm1
1.0.1f-1ubuntu2.27+esm2
1.0.1f-1ubuntu2.27+esm3
1.0.1f-1ubuntu2.27+esm4
1.0.1f-1ubuntu2.27+esm5
1.0.1f-1ubuntu2.27+esm6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "libcrypto1.0.0-udeb"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "libcrypto1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "libssl-dev-dbgsym"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "libssl1.0.0"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "libssl1.0.0-dbg"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "libssl1.0.0-dbgsym"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "libssl1.0.0-udeb"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "libssl1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.0.1f-1ubuntu2.27+esm7",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2g-1ubuntu4.20+esm7

Affected versions

1.*

1.0.2d-0ubuntu1
1.0.2d-0ubuntu2
1.0.2e-1ubuntu1
1.0.2f-2ubuntu1
1.0.2g-1ubuntu2
1.0.2g-1ubuntu3
1.0.2g-1ubuntu4
1.0.2g-1ubuntu4.1
1.0.2g-1ubuntu4.2
1.0.2g-1ubuntu4.4
1.0.2g-1ubuntu4.5
1.0.2g-1ubuntu4.6
1.0.2g-1ubuntu4.8
1.0.2g-1ubuntu4.9
1.0.2g-1ubuntu4.10
1.0.2g-1ubuntu4.11
1.0.2g-1ubuntu4.12
1.0.2g-1ubuntu4.13
1.0.2g-1ubuntu4.14
1.0.2g-1ubuntu4.15
1.0.2g-1ubuntu4.16
1.0.2g-1ubuntu4.17
1.0.2g-1ubuntu4.18
1.0.2g-1ubuntu4.19
1.0.2g-1ubuntu4.20
1.0.2g-1ubuntu4.20+esm1
1.0.2g-1ubuntu4.20+esm2
1.0.2g-1ubuntu4.20+esm3
1.0.2g-1ubuntu4.20+esm4
1.0.2g-1ubuntu4.20+esm5
1.0.2g-1ubuntu4.20+esm6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "libcrypto1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "libcrypto1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "libssl-dev-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "libssl1.0.0"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "libssl1.0.0-dbg"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "libssl1.0.0-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "libssl1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "libssl1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.20+esm7",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0~20150106.*

0~20150106.5c2d456b-2

0~20160104.*

0~20160104.c2a892d7-1

0~20160408.*

0~20160408.ffea0a2c-2
0~20160408.ffea0a2c-2ubuntu0.1
0~20160408.ffea0a2c-2ubuntu0.2
0~20160408.ffea0a2c-2ubuntu0.2+esm1
0~20160408.ffea0a2c-2ubuntu0.2+esm3

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:Pro:16.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10.25~dfsg2-2ubuntu1

4.*

4.2.2~dfsg-1
4.2.3~dfsg-1
4.2.4~dfsg-1ubuntu1
4.2.4~dfsg-2
4.2.6~dfsg-1ubuntu1
4.2.6~dfsg-1ubuntu4
4.2.6~dfsg-1ubuntu4.1
4.2.6~dfsg-1ubuntu4.2
4.2.6~dfsg-1ubuntu4.2+esm1
4.2.6~dfsg-1ubuntu4.2+esm2
4.2.6~dfsg-1ubuntu4.2+esm3

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:Pro:FIPS:16.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips-updates/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2g-1ubuntu4.fips.4.20.7

Affected versions

1.*

1.0.2g-1ubuntu4.fips.4.9.1
1.0.2g-1ubuntu4.fips.4.13.1
1.0.2g-1ubuntu4.fips.4.15.1
1.0.2g-1ubuntu4.fips.4.16.1
1.0.2g-1ubuntu4.fips.4.17.1
1.0.2g-1ubuntu4.fips.4.18.1
1.0.2g-1ubuntu4.fips.4.19.3
1.0.2g-1ubuntu4.fips.4.20.1
1.0.2g-1ubuntu4.fips.4.20.2
1.0.2g-1ubuntu4.fips.4.20.3
1.0.2g-1ubuntu4.fips.4.20.6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libcrypto1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libcrypto1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libssl-dev-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libssl1.0.0"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libssl1.0.0-dbg"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libssl1.0.0-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libssl1.0.0-hmac"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libssl1.0.0-hmac-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libssl1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "libssl1.0.0-udeb-dbgsym"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.0.2g-1ubuntu4.fips.4.20.7",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS:16.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.2g-1ubuntu4.fips.4.6~ppa1
1.0.2g-1ubuntu4.fips.4.6~ppa2
1.0.2g-1ubuntu4.fips.4.6~ppa3
1.0.2g-1ubuntu4.fips.4.6
1.0.2g-1ubuntu4.fips.4.6.1
1.0.2g-1ubuntu4.fips.4.6.2
1.0.2g-1ubuntu4.fips.4.6.3

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-1ubuntu2.1~18.04.22

Affected versions

1.*

1.0.2g-1ubuntu13
1.0.2g-1ubuntu14
1.0.2n-1ubuntu1
1.1.0g-2ubuntu1
1.1.0g-2ubuntu2
1.1.0g-2ubuntu3
1.1.0g-2ubuntu4
1.1.0g-2ubuntu4.1
1.1.0g-2ubuntu4.3
1.1.1-1ubuntu2.1~18.04.1
1.1.1-1ubuntu2.1~18.04.2
1.1.1-1ubuntu2.1~18.04.3
1.1.1-1ubuntu2.1~18.04.4
1.1.1-1ubuntu2.1~18.04.5
1.1.1-1ubuntu2.1~18.04.6
1.1.1-1ubuntu2.1~18.04.7
1.1.1-1ubuntu2.1~18.04.8
1.1.1-1ubuntu2.1~18.04.9
1.1.1-1ubuntu2.1~18.04.10
1.1.1-1ubuntu2.1~18.04.13
1.1.1-1ubuntu2.1~18.04.14
1.1.1-1ubuntu2.1~18.04.15
1.1.1-1ubuntu2.1~18.04.17
1.1.1-1ubuntu2.1~18.04.19
1.1.1-1ubuntu2.1~18.04.20
1.1.1-1ubuntu2.1~18.04.21

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.22",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.22",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.22",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.22",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.22",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.22",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.22",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.1~18.04.22",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / openssl1.0

Package

Name
openssl1.0
Purl
pkg:deb/ubuntu/openssl1.0?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2n-1ubuntu5.12

Affected versions

1.*

1.0.2n-1ubuntu2
1.0.2n-1ubuntu3
1.0.2n-1ubuntu4
1.0.2n-1ubuntu5
1.0.2n-1ubuntu5.1
1.0.2n-1ubuntu5.2
1.0.2n-1ubuntu5.3
1.0.2n-1ubuntu5.4
1.0.2n-1ubuntu5.5
1.0.2n-1ubuntu5.6
1.0.2n-1ubuntu5.7
1.0.2n-1ubuntu5.8
1.0.2n-1ubuntu5.9
1.0.2n-1ubuntu5.10
1.0.2n-1ubuntu5.11

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_version": "1.0.2n-1ubuntu5.12",
            "binary_name": "libcrypto1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.12",
            "binary_name": "libssl1.0-dev"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.12",
            "binary_name": "libssl1.0.0"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.12",
            "binary_name": "libssl1.0.0-dbgsym"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.12",
            "binary_name": "libssl1.0.0-udeb"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.12",
            "binary_name": "openssl1.0"
        },
        {
            "binary_version": "1.0.2n-1ubuntu5.12",
            "binary_name": "openssl1.0-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0~20170911.*

0~20170911.5dfba97c-1

0~20171010.*

0~20171010.234dbcef-1

0~20171027.*

0~20171027.76fd5a66-1

0~20171205.*

0~20171205.a9212288-1

0~20180105.*

0~20180105.0bc94c74-1

0~20180205.*

0~20180205.c0d9813c-1
0~20180205.c0d9813c-2
0~20180205.c0d9813c-2ubuntu0.1
0~20180205.c0d9813c-2ubuntu0.2
0~20180205.c0d9813c-2ubuntu0.3
0~20180205.c0d9813c-2ubuntu0.3+esm1
0~20180205.c0d9813c-2ubuntu0.3+esm2

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:Pro:18.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.11.4~dfsg-1ubuntu1
6.11.4~dfsg-1ubuntu2
6.12.0~dfsg-1ubuntu1
6.12.0~dfsg-2ubuntu1
6.12.0~dfsg-2ubuntu2

8.*

8.10.0~dfsg-2
8.10.0~dfsg-2ubuntu0.2
8.10.0~dfsg-2ubuntu0.3
8.10.0~dfsg-2ubuntu0.4
8.10.0~dfsg-2ubuntu0.4+esm1
8.10.0~dfsg-2ubuntu0.4+esm2
8.10.0~dfsg-2ubuntu0.4+esm3
8.10.0~dfsg-2ubuntu0.4+esm4
8.10.0~dfsg-2ubuntu0.4+esm5

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:Pro:FIPS-updates:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips-updates/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-1ubuntu2.fips.2.1~18.04.22

Affected versions

1.*

1.1.1-1ubuntu2.fips.2.1~18.04.5.1
1.1.1-1ubuntu2.fips.2.1~18.04.6.1
1.1.1-1ubuntu2.fips.2.1~18.04.7.1
1.1.1-1ubuntu2.fips.2.1~18.04.9.1
1.1.1-1ubuntu2.fips.2.1~18.04.9.2
1.1.1-1ubuntu2.fips.2.1~18.04.9.3
1.1.1-1ubuntu2.fips.2.1~18.04.13.2
1.1.1-1ubuntu2.fips.2.1~18.04.15
1.1.1-1ubuntu2.fips.2.1~18.04.15.1
1.1.1-1ubuntu2.fips.2.1~18.04.15.2
1.1.1-1ubuntu2.fips.2.1~18.04.17
1.1.1-1ubuntu2.fips.2.1~18.04.20
1.1.1-1ubuntu2.fips.2.1~18.04.21

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.22",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.22",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.22",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.22",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.22",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.22",
            "binary_name": "libssl1.1-hmac"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.22",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.22",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1-1ubuntu2.fips.2.1~18.04.22",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS:18.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1-1ubuntu2.fips.2.1~18.04.3.1
1.1.1-1ubuntu2.fips.2.1~18.04.15.2

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:20.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0~20190606.*

0~20190606.20d2e5a1-2ubuntu1

0~20190828.*

0~20190828.37eef910-3
0~20190828.37eef910-4

0~20191122.*

0~20191122.bd85bf54-1
0~20191122.bd85bf54-1ubuntu1
0~20191122.bd85bf54-2
0~20191122.bd85bf54-2ubuntu1
0~20191122.bd85bf54-2ubuntu2
0~20191122.bd85bf54-2ubuntu3
0~20191122.bd85bf54-2ubuntu3.1
0~20191122.bd85bf54-2ubuntu3.2
0~20191122.bd85bf54-2ubuntu3.3
0~20191122.bd85bf54-2ubuntu3.4
0~20191122.bd85bf54-2ubuntu3.5
0~20191122.bd85bf54-2ubuntu3.6

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1f-1ubuntu2.18

Affected versions

1.*

1.1.1c-1ubuntu4
1.1.1d-2ubuntu3
1.1.1d-2ubuntu6
1.1.1f-1ubuntu1
1.1.1f-1ubuntu2
1.1.1f-1ubuntu2.1
1.1.1f-1ubuntu2.2
1.1.1f-1ubuntu2.3
1.1.1f-1ubuntu2.4
1.1.1f-1ubuntu2.5
1.1.1f-1ubuntu2.8
1.1.1f-1ubuntu2.9
1.1.1f-1ubuntu2.10
1.1.1f-1ubuntu2.11
1.1.1f-1ubuntu2.12
1.1.1f-1ubuntu2.13
1.1.1f-1ubuntu2.15
1.1.1f-1ubuntu2.16
1.1.1f-1ubuntu2.17

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_version": "1.1.1f-1ubuntu2.18",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.18",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.18",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.18",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.18",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.18",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.18",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.18",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS-updates:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips-updates/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1f-1ubuntu2.fips.18

Affected versions

1.*

1.1.1f-1ubuntu2.fips.7
1.1.1f-1ubuntu2.fips.7.2
1.1.1f-1ubuntu2.fips.12
1.1.1f-1ubuntu2.fips.13
1.1.1f-1ubuntu2.fips.13.1
1.1.1f-1ubuntu2.fips.16
1.1.1f-1ubuntu2.fips.17

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.18",
            "binary_name": "libcrypto1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.18",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.18",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.18",
            "binary_name": "libssl1.1"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.18",
            "binary_name": "libssl1.1-dbgsym"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.18",
            "binary_name": "libssl1.1-hmac"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.18",
            "binary_name": "libssl1.1-udeb"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.18",
            "binary_name": "openssl"
        },
        {
            "binary_version": "1.1.1f-1ubuntu2.fips.18",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:Pro:FIPS:20.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=fips/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1f-1ubuntu2.fips.2.8
1.1.1f-1ubuntu2.fips.7.1

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:22.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2021.*

2021.08~rc0-2
2021.08-3
2021.11~rc1-1
2021.11-1
2021.11-2

2022.*

2022.02~rc1-1
2022.02~rc1-1ubuntu1
2022.02-1
2022.02-2
2022.02-3
2022.02-3ubuntu0.22.04.1
2022.02-3ubuntu0.22.04.2
2022.02-3ubuntu0.22.04.3

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:22.04:LTS / nodejs

Package

Name
nodejs
Purl
pkg:deb/ubuntu/nodejs?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.22.5~dfsg-5ubuntu1
12.22.7~dfsg-2ubuntu1
12.22.7~dfsg-2ubuntu3
12.22.9~dfsg-1ubuntu2
12.22.9~dfsg-1ubuntu3
12.22.9~dfsg-1ubuntu3.1
12.22.9~dfsg-1ubuntu3.2
12.22.9~dfsg-1ubuntu3.3
12.22.9~dfsg-1ubuntu3.4
12.22.9~dfsg-1ubuntu3.5
12.22.9~dfsg-1ubuntu3.6

Ecosystem specific

{
    "ubuntu_priority": "negligible"
}

Ubuntu:22.04:LTS / openssl

Package

Name
openssl
Purl
pkg:deb/ubuntu/openssl?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.2-0ubuntu1.9

Affected versions

1.*

1.1.1l-1ubuntu1

3.*

3.0.0-1ubuntu1
3.0.1-0ubuntu1
3.0.2-0ubuntu1
3.0.2-0ubuntu1.1
3.0.2-0ubuntu1.2
3.0.2-0ubuntu1.4
3.0.2-0ubuntu1.5
3.0.2-0ubuntu1.6
3.0.2-0ubuntu1.7
3.0.2-0ubuntu1.8

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_version": "3.0.2-0ubuntu1.9",
            "binary_name": "libssl-dev"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.9",
            "binary_name": "libssl-doc"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.9",
            "binary_name": "libssl3"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.9",
            "binary_name": "libssl3-dbgsym"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.9",
            "binary_name": "openssl"
        },
        {
            "binary_version": "3.0.2-0ubuntu1.9",
            "binary_name": "openssl-dbgsym"
        }
    ]
}

Ubuntu:24.04:LTS / edk2

Package

Name
edk2
Purl
pkg:deb/ubuntu/edk2?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2023.11-5

Affected versions

2023.*

2023.05-2
2023.11-2
2023.11-3
2023.11-4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "negligible",
    "binaries": [
        {
            "binary_version": "2023.11-5",
            "binary_name": "efi-shell-aa64"
        },
        {
            "binary_version": "2023.11-5",
            "binary_name": "efi-shell-arm"
        },
        {
            "binary_version": "2023.11-5",
            "binary_name": "efi-shell-ia32"
        },
        {
            "binary_version": "2023.11-5",
            "binary_name": "efi-shell-riscv64"
        },
        {
            "binary_version": "2023.11-5",
            "binary_name": "efi-shell-x64"
        },
        {
            "binary_version": "2023.11-5",
            "binary_name": "ovmf"
        },
        {
            "binary_version": "2023.11-5",
            "binary_name": "ovmf-ia32"
        },
        {
            "binary_version": "2023.11-5",
            "binary_name": "qemu-efi-aarch64"
        },
        {
            "binary_version": "2023.11-5",
            "binary_name": "qemu-efi-arm"
        },
        {
            "binary_version": "2023.11-5",
            "binary_name": "qemu-efi-riscv64"
        }
    ]
}