[ubuntu/eoan-security] openssl 1.1.1c-1ubuntu4.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu May 28 11:53:38 UTC 2020
openssl (1.1.1c-1ubuntu4.1) eoan-security; urgency=medium
* SECURITY UPDATE: ECDSA remote timing attack
- debian/patches/CVE-2019-1547.patch: for ECC parameters with NULL or
zero cofactor, compute it in crypto/ec/ec_lib.c.
- CVE-2019-1547
* SECURITY UPDATE: Fork Protection
- debian/patches/CVE-2019-1549.patch: ensure fork-safety without using
a pthread_atfork handler in crypto/include/internal/rand_int.h,
crypto/init.c, crypto/rand/drbg_lib.c, crypto/rand/rand_lcl.h,
crypto/rand/rand_lib.c, crypto/threads_none.c,
crypto/threads_pthread.c, crypto/threads_win.c,
include/internal/cryptlib.h, test/drbgtest.c.
- CVE-2019-1549
* SECURITY UPDATE: rsaz_512_sqr overflow bug on x86_64
- debian/patches/CVE-2019-1551.patch: fix an overflow bug in
rsaz_512_sqr in crypto/bn/asm/rsaz-x86_64.pl.
- CVE-2019-1551
* SECURITY UPDATE: Padding Oracle issue
- debian/patches/CVE-2019-1563.patch: fix a padding oracle in
PKCS7_dataDecode and CMS_decrypt_set1_pkey in crypto/cms/cms_env.c,
crypto/cms/cms_lcl.h, crypto/cms/cms_smime.c,
crypto/pkcs7/pk7_doit.c.
- CVE-2019-1563
Date: 2020-05-27 20:04:13.559195+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.1c-1ubuntu4.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Eoan-changes
mailing list