I observed that many users are affected by this bug. (See: https://github.com/curl/curl/issues/8024)
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1951279 Title: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds Status in openssl package in Ubuntu: New Bug description: Description ----------- It seems that current Ubuntu 20.04 (Focal) distribution for Arm64/Aarch64 raise a segmentation fault when certain validates some certificates. This issue affects only to Arm64/Aarch64 all the tools statically or dynamically linked with this version of the library are affected (Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc). Environment and platform ------------------------ Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux Steps to reproduce ------------------ 1. Run: curl -v https://graph.facebook.com/v12.0/act_111/ or wget https://graph.facebook.com/v12.0/act_111/ Result received --------------- Segmentation fault (core dumped) Notes ----- This bug was found by the Curl users: See: https://github.com/curl/curl/issues/8024 I believe that this bug is related to https://ubuntu.com/security/CVE-2020-1967 that maybe used as a vector point for code injection. Actually there isn't any replacement for OpenSSL 1.1.1f for Focal (Arm64), so it makes difficult to use Ubuntu 20.04 in a production environment. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1951279/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
