{"id":"USN-7264-1","summary":"openssl vulnerabilities","details":"It was discovered that OpenSSL clients incorrectly handled authenticating\nservers using RFC7250 Raw Public Keys. In certain cases, the connection\nwill not abort as expected, possibly causing the communication to be\nintercepted. (CVE-2024-12797)\n\nGeorge Pantelakis and Alicja Kario discovered that OpenSSL had a timing\nside-channel when performing ECDSA signature computations. A remote\nattacker could possibly use this issue to recover private data.\n(CVE-2024-13176)\n\nIt was discovered that OpenSSL incorrectly handled certain memory\noperations when using low-level GF(2^m) elliptic curve APIs with untrusted\nexplicit values for the field polynomial. When being used in this uncommon\nfashion, a remote attacker could use this issue to cause OpenSSL to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2024-9143)\n","modified":"2026-02-04T03:23:15.728898Z","published":"2025-02-11T16:09:22.533371Z","related":["CVE-2024-12797","CVE-2024-13176","CVE-2024-9143","UBUNTU-CVE-2024-12797","UBUNTU-CVE-2024-13176","UBUNTU-CVE-2024-9143"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7264-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-9143"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-12797"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-13176"}],"affected":[{"package":{"name":"openssl","ecosystem":"Ubuntu:24.10","purl":"pkg:deb/ubuntu/openssl@3.3.1-2ubuntu2.1?arch=source&distro=oracular"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.1-2ubuntu2.1"}]}],"versions":["3.0.13-0ubuntu3","3.0.13-0ubuntu4","3.2.1-3ubuntu1","3.2.2-1ubuntu1","3.2.2-1ubuntu3","3.3.1-2ubuntu1","3.3.1-2ubuntu2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libssl-dev","binary_version":"3.3.1-2ubuntu2.1"},{"binary_name":"libssl-doc","binary_version":"3.3.1-2ubuntu2.1"},{"binary_name":"libssl3t64","binary_version":"3.3.1-2ubuntu2.1"},{"binary_name":"libssl3t64-dbgsym","binary_version":"3.3.1-2ubuntu2.1"},{"binary_name":"openssl","binary_version":"3.3.1-2ubuntu2.1"},{"binary_name":"openssl-dbgsym","binary_version":"3.3.1-2ubuntu2.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7264-1.json"}}],"schema_version":"1.7.3"}