More information about the OpenSSL version:

Package: openssl
Architecture: arm64
Version: 1.1.1f-1ubuntu2.9
Multi-Arch: foreign
Priority: important
Section: utils
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-de...@lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 1213
Depends: libc6 (>= 2.17), libssl1.1 (>= 1.1.1)
Suggests: ca-certificates
Filename: pool/main/o/openssl/openssl_1.1.1f-1ubuntu2.9_arm64.deb
Size: 598980
MD5sum: da89b21f3a0fe0fb5742b406ddcfe3f0
SHA1: 46000c169dc62b33e5a5cf0775597382576de1d3
SHA256: 62ccb4f98929011145f9d49cefa23a21388ee72aab46b304ad05fec6d46d7d2e
SHA512: 27058d8acf628ad2b26926c779c444c7393d44c897f6d23b97c7fc89ae4b0af7dd6ef8d9c28d0aca87fde107235da940c8a0cb068e5274d87776c44ecd9e399a

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1951279

Title:
  OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  Description
  -----------

  It seems that the current Ubuntu 20.04 (Focal) distribution for
  Arm64/Aarch64 raises a segmentation fault when it validates some
  certificates.

  This issue affects only Arm64/Aarch64; all the tools statically or
  dynamically linked with this version of the library are affected
  (Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc.).

  
  Environment and platform
  ------------------------
  Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux

  
  Steps to reproduce
  ------------------

  1. Run:

  curl -v https://graph.facebook.com/v12.0/act_111/

  or

  wget https://graph.facebook.com/v12.0/act_111/

  
  Result received
  ---------------

  Segmentation fault (core dumped)

  
  Notes
  -----

  This bug was found by the Curl users:
  See: https://github.com/curl/curl/issues/8024

  I believe that this bug is related to
  https://ubuntu.com/security/CVE-2020-1967, which may be used as a
  vector point for code injection.

  Actually there isn't any replacement for OpenSSL 1.1.1f for Focal
  (Arm64), so it makes it difficult to use Ubuntu 20.04 in a production
  environment.
