{"id":"USN-6663-3","summary":"openssl update","details":"USN-6663-1 provided a security update for OpenSSL.\nThis update provides the corresponding update for\nUbuntu 24.04 LTS.\n\nOriginal advisory details:\n\n As a security improvement, OpenSSL will now\n return deterministic random bytes instead of an error\n when detecting wrong padding in PKCS#1 v1.5 RSA\n to prevent its use in possible Bleichenbacher timing attacks.\n","modified":"2026-04-22T10:45:02.249235Z","published":"2024-05-23T09:27:17Z","related":["UBUNTU-CVE-2024-2408"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6663-3"},{"type":"REPORT","url":"https://launchpad.net/bugs/2054090"}],"affected":[{"package":{"name":"openssl","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.13-0ubuntu3.1"}]}],"versions":["3.0.10-1ubuntu2","3.0.10-1ubuntu2.1","3.0.10-1ubuntu3","3.0.10-1ubuntu4","3.0.13-0ubuntu2","3.0.13-0ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"3.0.13-0ubuntu3.1","binary_name":"libssl3t64"},{"binary_version":"3.0.13-0ubuntu3.1","binary_name":"openssl"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6663-3.json","cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[]}}}],"schema_version":"1.7.5"}