Letsencrypt/OpenSSL test - Verify return code: 21
Juri Haberland
juri at koschikode.com
Sun Apr 11 02:40:21 EEST 2021
On 11/04/2021 01:04, @lbutlr wrote:
> On 10 Apr 2021, at 12:57, Juri Haberland <juri at koschikode.com> wrote:
>> On 10/04/2021 19:52, @lbutlr wrote:
>>> On 10 Apr 2021, at 09:55, B Shea <admin at sheacomputers.net> wrote:
>>>> OpenSSL (Ubuntu default/repo version): 1.1.1f 31 Mar 2020
>>>
>>> There have been a few critical patches to OpenSSL in the last year, including a very important one to 1.1.1k just recently.
>>>
>>> Not to do with your issue, but I suspect updating both openssl and Dovecot are good first steps.
>>
>> That is the version as distributed by Ubuntu with security fixes
>> backported as usual for most Linux distributions...
>
> If the date is May 2020, then no, it hasn't.
>
> As I said, there have been many patches since then, including one very important one very recently (end of March, beginning of April).
>

$ lsb_release --description
Description:    Ubuntu 20.04.2 LTS

$ openssl version
OpenSSL 1.1.1f  31 Mar 2020

$ dpkg -l | grep openssl
ii  openssl  1.1.1f-1ubuntu2.3  amd64  Secure Sockets Layer toolkit - cryptographic utility

$ zcat /usr/share/doc/openssl/changelog.Debian.gz | head -n 16
openssl (1.1.1f-1ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: NULL pointer deref in signature_algorithms processing
    - debian/patches/CVE-2021-3449-1.patch: fix NULL pointer dereference in
      ssl/statem/extensions.c.
    - debian/patches/CVE-2021-3449-2.patch: teach TLSProxy how to encrypt
      <= TLSv1.2 ETM records in util/perl/TLSProxy/Message.pm.
    - debian/patches/CVE-2021-3449-3.patch: add a test to
      test/recipes/70-test_renegotiation.t.
    - debian/patches/CVE-2021-3449-4.patch: ensure buffer/length pairs are
      always in sync in ssl/s3_lib.c, ssl/ssl_lib.c,
      ssl/statem/extensions.c, ssl/statem/extensions_clnt.c,
      ssl/statem/statem_clnt.c, ssl/statem/statem_srvr.c.
    - CVE-2021-3449

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Mon, 22 Mar 2021 07:37:17 -0400

So yes, it is up-to-date.

Cheers,
Juri
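
The changelog check from the message above, as an added example that is not part of the original post: a shell function that reads a Debian-format changelog and prints the package version of each entry that mentions a given CVE ID. The function names and the second sample entry are constructed for illustration; the first sample entry is shortened from the excerpt quoted in the message.

```shell
#!/bin/sh
# cve_fixed_in CVE-ID
# Reads a Debian-format changelog on stdin and prints the package version of
# every entry whose text mentions the given CVE ID (hypothetical helper name).
cve_fixed_in() {
    awk -v cve="$1" '
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(/ {
            ver = $2
            gsub(/[()]/, "", ver)
            seen = 0
            next
        }
        # Match the ID as a whole token so CVE-2021-344 does not match
        # CVE-2021-3449; report each entry at most once.
        ver != "" && !seen && $0 ~ ("(^|[^0-9A-Za-z])" cve "([^0-9]|$)") {
            print ver
            seen = 1
        }
    '
}

# Sample input. First entry: shortened from the message above.
# Second entry: constructed, not a real package version.
sample_changelog() {
    cat <<'EOF'
openssl (1.1.1f-1ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: NULL pointer deref in signature_algorithms processing
    - debian/patches/CVE-2021-3449-1.patch: fix NULL pointer dereference in
      ssl/statem/extensions.c.
    - CVE-2021-3449

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Mon, 22 Mar 2021 07:37:17 -0400

openssl (0.0.0-constructed1) focal; urgency=low

  * Constructed entry with no security fix, for illustration only.

 -- Example Maintainer <maintainer at example.invalid>  Thu, 01 Jan 2015 00:00:00 +0000
EOF
}

sample_changelog | cve_fixed_in CVE-2021-3449
# On a real system, using the path shown in the message above:
#   zcat /usr/share/doc/openssl/changelog.Debian.gz | cve_fixed_in CVE-2021-3449
```

An empty result means no changelog entry names that CVE; compare any version printed against the installed version reported by `dpkg -l`.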