[ubuntu/hardy-security] openssl_0.9.8g-4ubuntu3.15_ia64_translations.tar.gz, openssl_0.9.8g-4ubuntu3.15_lpia_translations.tar.gz, openssl_0.9.8g-4ubuntu3.15_amd64_translations.tar.gz, openssl_0.9.8g-4ubuntu3.15_powerpc_translations.tar.gz, openssl, openssl_0.9.8g-4ubuntu3.15_hppa_translations.tar.gz, openssl_0.9.8g-4ubuntu3.15_sparc_translations.tar.gz, openssl_0.9.8g-4ubuntu3.15_i386_translations.tar.gz 0.9.8g-4ubuntu3.15 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu Feb 9 21:37:50 UTC 2012
openssl (0.9.8g-4ubuntu3.15) hardy-security; urgency=low
* SECURITY UPDATE: ECDSA private key timing attack
- crypto/ecdsa/ecs_ossl.c: compute with fixed scalar length
- http://cvs.openssl.org/chngview?cn=20892
- CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
- ssl/s3_lib.c, file ssl/s3_srvr.c: fix memory usage for thread
safety
- http://cvs.openssl.org/chngview?cn=21334
- CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack (LP: #922229)
- ssl/d1_pkt.c: perform all computations before discarding messages
- http://cvs.openssl.org/chngview?cn=21942
- http://cvs.openssl.org/chngview?cn=19574
- CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
- crypto/x509v3/pcy_map.c, crypto/x509v3/pcy_tree.c: only free
domain policy in one location
- http://cvs.openssl.org/chngview?cn=21941
- CVE-2011-4019
* SECURITY UPDATE: incorrect elliptic curve computation TLS key
exposure
- crypto/bn/bn_nist.c: perform ellyiptic curve computations
correctly
- update to http://cvs.openssl.org/fileview?f=openssl/crypto/bn/bn_nist.c&v=1.20
- CVE-2011-4354
* SECURITY UPDATE: SSL 3.0 block padding exposure
- ssl/s3_enc.c: clear bytes used for block padding of SSL 3.0
records.
- http://cvs.openssl.org/chngview?cn=21940
- CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
- crypto/x509v3/v3_addr.c: prevent malformed RFC3779 data
from triggering an assertion failure
- http://cvs.openssl.org/chngview?cn=21937
- CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
- ssl/s3_srvr.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c: Only allow
one SGC handshake restart for SSL/TLS.
- CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
- ssl/d1_pkt.c: improve handling of DTLS MAC
- http://cvs.openssl.org/chngview?cn=22032
- CVE-2012-0050
* crypto/ecdsa/ecdsatest.c: fix ECDSA tests
- http://cvs.openssl.org/chngview?cn=21777
- http://cvs.openssl.org/chngview?cn=21995
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
servers by testing that the X server is not running (LP: #244250)
Date: Tue, 31 Jan 2012 01:46:26 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/openssl/0.9.8g-4ubuntu3.15
-------------- next part --------------
Format: 1.7
Date: Tue, 31 Jan 2012 01:46:26 -0800
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8g-4ubuntu3.15
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
libcrypto0.9.8-udeb - crypto shared library - udeb
libssl-dev - SSL development libraries, header files and documentation
libssl0.9.8 - SSL shared libraries
libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
openssl-doc - Secure Socket Layer (SSL) documentation
Launchpad-Bugs-Fixed: 244250 922229
Changes:
openssl (0.9.8g-4ubuntu3.15) hardy-security; urgency=low
.
* SECURITY UPDATE: ECDSA private key timing attack
- crypto/ecdsa/ecs_ossl.c: compute with fixed scalar length
- http://cvs.openssl.org/chngview?cn=20892
- CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
- ssl/s3_lib.c, file ssl/s3_srvr.c: fix memory usage for thread
safety
- http://cvs.openssl.org/chngview?cn=21334
- CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack (LP: #922229)
- ssl/d1_pkt.c: perform all computations before discarding messages
- http://cvs.openssl.org/chngview?cn=21942
- http://cvs.openssl.org/chngview?cn=19574
- CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
- crypto/x509v3/pcy_map.c, crypto/x509v3/pcy_tree.c: only free
domain policy in one location
- http://cvs.openssl.org/chngview?cn=21941
- CVE-2011-4019
* SECURITY UPDATE: incorrect elliptic curve computation TLS key
exposure
- crypto/bn/bn_nist.c: perform ellyiptic curve computations
correctly
- update to http://cvs.openssl.org/fileview?f=openssl/crypto/bn/bn_nist.c&v=1.20
- CVE-2011-4354
* SECURITY UPDATE: SSL 3.0 block padding exposure
- ssl/s3_enc.c: clear bytes used for block padding of SSL 3.0
records.
- http://cvs.openssl.org/chngview?cn=21940
- CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
- crypto/x509v3/v3_addr.c: prevent malformed RFC3779 data
from triggering an assertion failure
- http://cvs.openssl.org/chngview?cn=21937
- CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
- ssl/s3_srvr.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c: Only allow
one SGC handshake restart for SSL/TLS.
- CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
- ssl/d1_pkt.c: improve handling of DTLS MAC
- http://cvs.openssl.org/chngview?cn=22032
- CVE-2012-0050
* crypto/ecdsa/ecdsatest.c: fix ECDSA tests
- http://cvs.openssl.org/chngview?cn=21777
- http://cvs.openssl.org/chngview?cn=21995
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
servers by testing that the X server is not running (LP: #244250)
Files:
595160a5c9457d93fc9444d0125af9f5 1558 utils optional openssl_0.9.8g-4ubuntu3.15.dsc
e6dc02d7a063ab6a2518ee386a42d979 85913 utils optional openssl_0.9.8g-4ubuntu3.15.diff.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
More information about the Hardy-changes
mailing list