OpenSSL vulnerability


David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

Affected Package

OS OS Version Package Name Package Version
Ubuntu 20.10 libssl1.1 1.1.1f-1ubuntu4.1
Ubuntu 20.04 libssl1.1 1.1.1f-1ubuntu2.1
Ubuntu 20.04 libcrypto1.1-udeb 1.1.1f-1ubuntu2.1
Ubuntu 20.04 libssl-dev 1.1.1f-1ubuntu2.1
Ubuntu 20.04 libssl-doc 1.1.1f-1ubuntu2.1
Ubuntu 20.04 libssl1.1-dbgsym 1.1.1f-1ubuntu2.1
Ubuntu 20.04 libssl1.1-udeb 1.1.1f-1ubuntu2.1
Ubuntu 20.04 openssl 1.1.1f-1ubuntu2.1
Ubuntu 20.04 openssl-dbgsym 1.1.1f-1ubuntu2.1
Ubuntu 18.04 libssl1.0.0 1.0.2n-1ubuntu5.5
Ubuntu 18.04 libcrypto1.0.0-udeb 1.0.2n-1ubuntu5.5
Ubuntu 18.04 libssl1.0-dev 1.0.2n-1ubuntu5.5
Ubuntu 18.04 libssl1.0.0-dbgsym 1.0.2n-1ubuntu5.5
Ubuntu 18.04 libssl1.0.0-udeb 1.0.2n-1ubuntu5.5
Ubuntu 18.04 openssl1.0 1.0.2n-1ubuntu5.5
Ubuntu 18.04 openssl1.0-dbgsym 1.0.2n-1ubuntu5.5
Ubuntu 18.04 libssl1.1 1.1.1-1ubuntu2.1~18.04.7
Ubuntu 18.04 libcrypto1.1-udeb 1.1.1-1ubuntu2.1~18.04.7
Ubuntu 18.04 libssl-dev 1.1.1-1ubuntu2.1~18.04.7
Ubuntu 18.04 libssl-doc 1.1.1-1ubuntu2.1~18.04.7
Ubuntu 18.04 libssl1.1-dbgsym 1.1.1-1ubuntu2.1~18.04.7
Ubuntu 18.04 libssl1.1-udeb 1.1.1-1ubuntu2.1~18.04.7
Ubuntu 18.04 openssl 1.1.1-1ubuntu2.1~18.04.7
Ubuntu 18.04 openssl-dbgsym 1.1.1-1ubuntu2.1~18.04.7
Ubuntu 16.04 libssl1.0.0 1.0.2g-1ubuntu4.18
Ubuntu 16.04 libcrypto1.0.0-udeb 1.0.2g-1ubuntu4.18
Ubuntu 16.04 libcrypto1.0.0-udeb-dbgsym 1.0.2g-1ubuntu4.18
Ubuntu 16.04 libssl-dev 1.0.2g-1ubuntu4.18
Ubuntu 16.04 libssl-dev-dbgsym 1.0.2g-1ubuntu4.18
Ubuntu 16.04 libssl-doc 1.0.2g-1ubuntu4.18
Ubuntu 16.04 libssl1.0.0-dbg 1.0.2g-1ubuntu4.18
Ubuntu 16.04 libssl1.0.0-dbgsym 1.0.2g-1ubuntu4.18
Ubuntu 16.04 libssl1.0.0-udeb 1.0.2g-1ubuntu4.18
Ubuntu 16.04 libssl1.0.0-udeb-dbgsym 1.0.2g-1ubuntu4.18
Ubuntu 16.04 openssl 1.0.2g-1ubuntu4.18
Ubuntu 16.04 openssl-dbgsym 1.0.2g-1ubuntu4.18