USN-6663-1: OpenSSL update

Releases

• Ubuntu 23.10
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM

Packages

• openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

As a security improvement, OpenSSL will now
return deterministic random bytes instead of an error
when detecting wrong padding in PKCS#1 v1.5 RSA
to prevent its use in possible Bleichenbacher timing attacks.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10

• libssl-doc - 3.0.10-1ubuntu2.3
• libssl3 - 3.0.10-1ubuntu2.3
• openssl - 3.0.10-1ubuntu2.3

Ubuntu 22.04

• libssl-doc - 3.0.2-0ubuntu1.15
• libssl3 - 3.0.2-0ubuntu1.15
• openssl - 3.0.2-0ubuntu1.15

Ubuntu 20.04

• libssl-doc - 1.1.1f-1ubuntu2.22
• libssl1.1 - 1.1.1f-1ubuntu2.22
• openssl - 1.1.1f-1ubuntu2.22

Ubuntu 18.04

• libssl-doc - 1.1.1-1ubuntu2.1~18.04.23+esm5
  Available with Ubuntu Pro
• libssl1.1 - 1.1.1-1ubuntu2.1~18.04.23+esm5
  Available with Ubuntu Pro
• openssl - 1.1.1-1ubuntu2.1~18.04.23+esm5
  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

• https://launchpad.net/bugs/2054090