[ubuntu/bionic-proposed] openssl 1.1.0g-2ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Mar 27 18:07:13 UTC 2018 

openssl (1.1.0g-2ubuntu3) bionic; urgency=medium

  * SECURITY UPDATE: overflow bug in AVX2 Montgomery multiplication
    - debian/patches/CVE-2017-3738.patch: fix digit correction bug in
      crypto/bn/asm/rsaz-avx2.pl.
    - CVE-2017-3738
  * SECURITY UPDATE: DoS via ASN.1 types with a recursive definition
    - debian/patches/CVE-2018-0739.patch: limit stack depth in
      crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c,
      include/openssl/asn1.h.
    - CVE-2018-0739

Date: Tue, 27 Mar 2018 13:45:15 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 27 Mar 2018 13:45:15 -0400
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0g-2ubuntu3
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.1.0g-2ubuntu3) bionic; urgency=medium
 .
   * SECURITY UPDATE: overflow bug in AVX2 Montgomery multiplication
     - debian/patches/CVE-2017-3738.patch: fix digit correction bug in
       crypto/bn/asm/rsaz-avx2.pl.
     - CVE-2017-3738
   * SECURITY UPDATE: DoS via ASN.1 types with a recursive definition
     - debian/patches/CVE-2018-0739.patch: limit stack depth in
       crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c,
       include/openssl/asn1.h.
     - CVE-2018-0739
Checksums-Sha1:
 32e8bef38d9ecf8c97b040b9c9fd7bf53386f077 2658 openssl_1.1.0g-2ubuntu3.dsc
 a2d180e66f44a639f2c1f4703909fe4c567c2e22 72428 openssl_1.1.0g-2ubuntu3.debian.tar.xz
 39c424b7d8f628f60a356c271b178cf891b21ed5 5654 openssl_1.1.0g-2ubuntu3_source.buildinfo
Checksums-Sha256:
 7e07650fb9e4284ce8d12cd9645ef5f3e8675166ccd085d0f2e43606dfcecf25 2658 openssl_1.1.0g-2ubuntu3.dsc
 e361b8db5eabf067adf7548558816151cc084be058480aa7c7f5251677ddded0 72428 openssl_1.1.0g-2ubuntu3.debian.tar.xz
 caa641abbf18dc234123c8ae5c8deb708f1b4a7ffb99adaecf8dd58eb266be87 5654 openssl_1.1.0g-2ubuntu3_source.buildinfo
Files:
 312c3a75386f66b71cf570571dcace84 2658 utils optional openssl_1.1.0g-2ubuntu3.dsc
 eff9d9dcd061268250e3fc0f558cdab9 72428 utils optional openssl_1.1.0g-2ubuntu3.debian.tar.xz
 8e9bd7955cd9d9d814abada8dc17ce75 5654 utils optional openssl_1.1.0g-2ubuntu3_source.buildinfo
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJauoetAAoJEGVp2FWnRL6TjA4P/2wzOCYhP+sx/OP5eQ2qL/2Z
FX4tA+lYLSWYbAXKrbEnV2MGRGgJaXthXFC8pGSZiuSeOkhlOFJWWdhA0c4uZBLk
cHV941fDdZHESfigiFFZVzF/Rvk9kzBnzSR6Y6P7YazfaPp2IYxCksdvzQdLnM7H
KPExQa4rW1s6x3rgTUvEzqpfCDS8vNuyLvPIgqeagD3Be9MUO8/tnBfcbr2SWHIC
98CcljkdB2Us3bQPNDEEYi/ASW6VC9w5jWTOEGAwI69B/dZlvHw/mVslukJ0F2+9
i2H2uYFOKF2i8U9l87CM+tJB3dy9YwLfRpZdR2slBRaMWVHe9XKkFap0QjxHn92r
J0MnW+UxC+aQ1iywBaer3MuoSCW+cxeqpkKcvcWCWg8FLqwdOop/2xxKj+EgY6zr
hHNWHmBanSGwSmTzMXkTJdUdjzFWtcLsAMc29FTtX84qMi7h4jV3t8AzdKXhFtQ4
2KWc76qp+rpV1w5SckQ1a3lEBl6gJR6HpYB+JMJLo1jE3if30UDA2GTt1WUcEeiv
JMaNje1sNeyZw0Nd5i7i5HJC2JCeYfMz3GUVheZ8CwRUSw8aFTN6YhYeYa2TPyXJ
lk+Z6dCM6L+dwGf1qoKUgLBKuN/+KtVAoqHE2BrR/TOv6DMn13J8eV1/x7QbYvBj
Kn6MAANkqqWyucEBqWiM
=iBMU
-----END PGP SIGNATURE-----

More information about the Bionic-changes mailing list