{
  "document": {
    "aggregate_severity": {
      "text": "Medium"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu20.04els/vex/2023/cve-2023-0465-els_os-ubuntu20_04els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-05-04T18:52:39Z",
      "generator": {
        "date": "2026-05-04T18:52:39Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2023-0465-ELS_OS-UBUNTU20.04ELS",
      "initial_release_date": "2023-03-28T15:15:00Z",
      "revision_history": [
        {
          "date": "2023-03-28T15:15:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-20T12:25:25Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2026-05-04T18:52:39Z",
          "number": "3",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "3"
    },
    "title": "Security update on CVE-2023-0465"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ubuntu 20.04",
                "product": {
                  "name": "Ubuntu 20.04",
                  "product_id": "Ubuntu-20",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Ubuntu"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libssl-dev-0:1.1.1f-1ubuntu2.24.amd64",
                "product": {
                  "name": "libssl-dev-0:1.1.1f-1ubuntu2.24.amd64",
                  "product_id": "libssl-dev-0:1.1.1f-1ubuntu2.24.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/ubuntu/libssl-dev@1.1.1f-1ubuntu2.24?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-0:1.1.1f-1ubuntu2.24.amd64",
                "product": {
                  "name": "openssl-0:1.1.1f-1ubuntu2.24.amd64",
                  "product_id": "openssl-0:1.1.1f-1ubuntu2.24.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.24?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libssl1.1-0:1.1.1f-1ubuntu2.24.amd64",
                "product": {
                  "name": "libssl1.1-0:1.1.1f-1ubuntu2.24.amd64",
                  "product_id": "libssl1.1-0:1.1.1f-1ubuntu2.24.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/ubuntu/libssl1.1@1.1.1f-1ubuntu2.24?arch=amd64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libssl-doc-0:1.1.1f-1ubuntu2.24.all",
                "product": {
                  "name": "libssl-doc-0:1.1.1f-1ubuntu2.24.all",
                  "product_id": "libssl-doc-0:1.1.1f-1ubuntu2.24.all",
                  "product_identification_helper": {
                    "purl": "pkg:deb/ubuntu/libssl-doc@1.1.1f-1ubuntu2.24?arch=all"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "all"
          }
        ],
        "category": "vendor",
        "name": "Canonical Ltd."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els2.amd64",
                "product": {
                  "name": "libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els2.amd64",
                  "product_id": "libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els2.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libssl-dev@1.1.1f-1ubuntu2.24%2Btuxcare.els2?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
                "product": {
                  "name": "libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
                  "product_id": "libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libssl-dev@1.1.1f-1ubuntu2.24%2Btuxcare.els3?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openssl-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
                "product": {
                  "name": "openssl-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
                  "product_id": "openssl-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/openssl@1.1.1f-1ubuntu2.24%2Btuxcare.els3?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libssl1.1-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
                "product": {
                  "name": "libssl1.1-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
                  "product_id": "libssl1.1-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libssl1.1@1.1.1f-1ubuntu2.24%2Btuxcare.els3?arch=amd64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libssl-doc-0:1.1.1f-1ubuntu2.24+tuxcare.els3.all",
                "product": {
                  "name": "libssl-doc-0:1.1.1f-1ubuntu2.24+tuxcare.els3.all",
                  "product_id": "libssl-doc-0:1.1.1f-1ubuntu2.24+tuxcare.els3.all",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/libssl-doc@1.1.1f-1ubuntu2.24%2Btuxcare.els3?arch=all"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "all"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els2.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els2.amd64"
        },
        "product_reference": "libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els2.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64"
        },
        "product_reference": "libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssl-dev-0:1.1.1f-1ubuntu2.24.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24.amd64"
        },
        "product_reference": "libssl-dev-0:1.1.1f-1ubuntu2.24.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:openssl-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64"
        },
        "product_reference": "openssl-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-0:1.1.1f-1ubuntu2.24.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:openssl-0:1.1.1f-1ubuntu2.24.amd64"
        },
        "product_reference": "openssl-0:1.1.1f-1ubuntu2.24.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssl-doc-0:1.1.1f-1ubuntu2.24+tuxcare.els3.all as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libssl-doc-0:1.1.1f-1ubuntu2.24+tuxcare.els3.all"
        },
        "product_reference": "libssl-doc-0:1.1.1f-1ubuntu2.24+tuxcare.els3.all",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssl-doc-0:1.1.1f-1ubuntu2.24.all as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libssl-doc-0:1.1.1f-1ubuntu2.24.all"
        },
        "product_reference": "libssl-doc-0:1.1.1f-1ubuntu2.24.all",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssl1.1-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libssl1.1-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64"
        },
        "product_reference": "libssl1.1-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libssl1.1-0:1.1.1f-1ubuntu2.24.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:libssl1.1-0:1.1.1f-1ubuntu2.24.amd64"
        },
        "product_reference": "libssl1.1-0:1.1.1f-1ubuntu2.24.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-0465",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "known_affected": [
          "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els2.amd64",
          "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
          "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24.amd64",
          "Ubuntu-20:libssl-doc-0:1.1.1f-1ubuntu2.24+tuxcare.els3.all",
          "Ubuntu-20:libssl-doc-0:1.1.1f-1ubuntu2.24.all",
          "Ubuntu-20:libssl1.1-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
          "Ubuntu-20:libssl1.1-0:1.1.1f-1ubuntu2.24.amd64",
          "Ubuntu-20:openssl-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
          "Ubuntu-20:openssl-0:1.1.1f-1ubuntu2.24.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-0465"
        },
        {
          "category": "external",
          "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a",
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a"
        },
        {
          "category": "external",
          "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb",
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb"
        },
        {
          "category": "external",
          "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95",
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95"
        },
        {
          "category": "external",
          "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c",
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202402-08",
          "url": "https://security.gentoo.org/glsa/202402-08"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20230414-0001/",
          "url": "https://security.netapp.com/advisory/ntap-20230414-0001/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2023/dsa-5417",
          "url": "https://www.debian.org/security/2023/dsa-5417"
        },
        {
          "category": "external",
          "summary": "https://www.openssl.org/news/secadv/20230328.txt",
          "url": "https://www.openssl.org/news/secadv/20230328.txt"
        }
      ],
      "release_date": "2023-03-28T15:15:00Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "This issue is only reachable when an application explicitly enables OpenSSL’s certificate policy processing (via the -policy flag or X509_VERIFY_PARAM_set1_policies); default TLS verification paths do not use it, so standard configurations are unaffected. Exploitation also presumes a malicious or compromised CA capable of issuing a certificate that chains to a trusted root, and the impact is limited to bypassing policy OID checks on the leaf certificate with no confidentiality or availability effect. Given the opt‑in nature, CA‑level preconditions, and limited impact, this can be safely deprioritized in managed enterprise VM/server environments. Before deprioritizing, confirm that no application on the host enables policy processing; where one does, the listed packages remain affected because no fix is planned.",
          "product_ids": [
            "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els2.amd64",
            "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
            "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24.amd64",
            "Ubuntu-20:libssl-doc-0:1.1.1f-1ubuntu2.24+tuxcare.els3.all",
            "Ubuntu-20:libssl-doc-0:1.1.1f-1ubuntu2.24.all",
            "Ubuntu-20:libssl1.1-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
            "Ubuntu-20:libssl1.1-0:1.1.1f-1ubuntu2.24.amd64",
            "Ubuntu-20:openssl-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
            "Ubuntu-20:openssl-0:1.1.1f-1ubuntu2.24.amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els2.amd64",
            "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
            "Ubuntu-20:libssl-dev-0:1.1.1f-1ubuntu2.24.amd64",
            "Ubuntu-20:libssl-doc-0:1.1.1f-1ubuntu2.24+tuxcare.els3.all",
            "Ubuntu-20:libssl-doc-0:1.1.1f-1ubuntu2.24.all",
            "Ubuntu-20:libssl1.1-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
            "Ubuntu-20:libssl1.1-0:1.1.1f-1ubuntu2.24.amd64",
            "Ubuntu-20:openssl-0:1.1.1f-1ubuntu2.24+tuxcare.els3.amd64",
            "Ubuntu-20:openssl-0:1.1.1f-1ubuntu2.24.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}