UBUNTU-CVE-2022-23491

Source
https://ubuntu.com/security/CVE-2022-23491
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23491.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-23491
Published
2022-12-07T22:15:00Z
Modified
2022-12-07T22:15:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

References

Affected packages

Ubuntu:Pro:14.04:LTS / ca-certificates

Package

Name
ca-certificates
Purl
pkg:deb/ubuntu/ca-certificates?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20211016~14.04.1~esm1

Affected versions

Other

20130610
20130906
20130906ubuntu1
20130906ubuntu2

20141019ubuntu0.*

20141019ubuntu0.14.04.1

20160104ubuntu0.*

20160104ubuntu0.14.04.1

20170717~14.*

20170717~14.04.1
20170717~14.04.2

20190110~14.*

20190110~14.04.1~esm1
20190110~14.04.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20211016~14.04.1~esm1",
            "binary_name": "ca-certificates"
        },
        {
            "binary_version": "20211016~14.04.1~esm1",
            "binary_name": "ca-certificates-udeb"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / ca-certificates

Package

Name
ca-certificates
Purl
pkg:deb/ubuntu/ca-certificates?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20211016~16.04.1~esm2

Affected versions

Other

20150426ubuntu1
20160104ubuntu1

20170717~16.*

20170717~16.04.1
20170717~16.04.2

20190110~16.*

20190110~16.04.1

20201027ubuntu0.*

20201027ubuntu0.16.04.1

20210119~16.*

20210119~16.04.1
20210119~16.04.1ubuntu0.1~esm1

20211016~16.*

20211016~16.04.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20211016~16.04.1~esm2",
            "binary_name": "ca-certificates"
        },
        {
            "binary_version": "20211016~16.04.1~esm2",
            "binary_name": "ca-certificates-udeb"
        }
    ]
}

Ubuntu:18.04:LTS / ca-certificates

Package

Name
ca-certificates
Purl
pkg:deb/ubuntu/ca-certificates?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20211016ubuntu0.18.04.1

Affected versions

Other

20170717
20180409

20190110~18.*

20190110~18.04.1

20201027ubuntu0.*

20201027ubuntu0.18.04.1

20210119~18.*

20210119~18.04.1
20210119~18.04.2

20211016~18.*

20211016~18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20211016ubuntu0.18.04.1",
            "binary_name": "ca-certificates"
        },
        {
            "binary_version": "20211016ubuntu0.18.04.1",
            "binary_name": "ca-certificates-udeb"
        }
    ]
}

Ubuntu:20.04:LTS / ca-certificates

Package

Name
ca-certificates
Purl
pkg:deb/ubuntu/ca-certificates?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20211016ubuntu0.20.04.1

Affected versions

Other

20190110
20190110ubuntu1

20190110ubuntu1.*

20190110ubuntu1.1

20201027ubuntu0.*

20201027ubuntu0.20.04.1

20210119~20.*

20210119~20.04.1
20210119~20.04.2

20211016~20.*

20211016~20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20211016ubuntu0.20.04.1",
            "binary_name": "ca-certificates"
        },
        {
            "binary_version": "20211016ubuntu0.20.04.1",
            "binary_name": "ca-certificates-udeb"
        }
    ]
}

Ubuntu:22.04:LTS / ca-certificates

Package

Name
ca-certificates
Purl
pkg:deb/ubuntu/ca-certificates?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20211016ubuntu0.22.04.1

Affected versions

Other

20210119ubuntu1
20211016

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20211016ubuntu0.22.04.1",
            "binary_name": "ca-certificates"
        }
    ]
}