Description
If an SSL/TLS server or client is running on a 32-bit host, and a specific
cipher is being used, then a truncated packet can cause that server or
client to perform an out-of-bounds read, usually resulting in a crash. For
OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305;
users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be
triggered when using RC4-MD5; users who have not disabled that algorithm
should update to 1.0.2k.
Package
Upstream: | needs-triage
|
Ubuntu 18.04 LTS: | released
(1.0.2g-1ubuntu11)
|
Ubuntu 16.04 ESM: | released
(1.0.2g-1ubuntu4.6)
|
Ubuntu 14.04 ESM: | released
(1.0.1f-1ubuntu2.22)
|
Patches:
Package
Upstream: | needs-triage
|
Ubuntu 18.04 LTS: | DNE
|
Ubuntu 14.04 ESM: | DNE
(trusty was needs-triage)
|
Patches:
Updated: 2022-04-13 12:59:18 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)