[ubuntu/jaunty-security] openssl_0.9.8g-15ubuntu3.6_ia64_translations.tar.gz, openssl_0.9.8g-15ubuntu3.6_hppa_translations.tar.gz, openssl_0.9.8g-15ubuntu3.6_i386_translations.tar.gz, openssl_0.9.8g-15ubuntu3.6_powerpc_translations.tar.gz, openssl_0.9.8g-15ubuntu3.6_amd64_translations.tar.gz, openssl, openssl_0.9.8g-15ubuntu3.6_sparc_translations.tar.gz (delayed), openssl_0.9.8g-15ubuntu3.6_armel_translations.tar.gz, openssl_0.9.8g-15ubuntu3.6_lpia_translations.tar.gz 0.9.8g-15ubuntu3.6 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Oct 7 15:24:44 BST 2010


openssl (0.9.8g-15ubuntu3.6) jaunty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    unchecked bn_wexpand return values. (LP: #655884)
    - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
      engines/e_ubsec.c: check return values.
    - http://cvs.openssl.org/chngview?cn=18936
    - http://cvs.openssl.org/chngview?cn=19309
    - CVE-2009-3245
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted private key with an invalid prime.
    - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
    - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
    - CVE-2010-2939

Date: Wed, 06 Oct 2010 17:50:37 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/openssl/0.9.8g-15ubuntu3.6
-------------- next part --------------
Format: 1.8
Date: Wed, 06 Oct 2010 17:50:37 -0400
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: source
Version: 0.9.8g-15ubuntu3.6
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Launchpad-Bugs-Fixed: 655884
Changes: 
 openssl (0.9.8g-15ubuntu3.6) jaunty-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     unchecked bn_wexpand return values. (LP: #655884)
     - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
       engines/e_ubsec.c: check return values.
     - http://cvs.openssl.org/chngview?cn=18936
     - http://cvs.openssl.org/chngview?cn=19309
     - CVE-2009-3245
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted private key with an invalid prime.
     - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
     - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html
     - CVE-2010-2939
Checksums-Sha1: 
 c31c14ea3667a50b1073bb70214622c996021e05 2078 openssl_0.9.8g-15ubuntu3.6.dsc
 74ef0576ed6e9eaa2bc0660284a5f526600bf1af 76313 openssl_0.9.8g-15ubuntu3.6.diff.gz
Checksums-Sha256: 
 f7bbd2253986bdb715a0494c882cdde09a40820df132c2e9949f971e0a4cc72b 2078 openssl_0.9.8g-15ubuntu3.6.dsc
 a5a46223afe37c21dacf33a4401d16db2a2cc96301029cef1b14e4f9596bfbd1 76313 openssl_0.9.8g-15ubuntu3.6.diff.gz
Files: 
 d5ac54d686002282a7b5ebe088f4d426 2078 utils optional openssl_0.9.8g-15ubuntu3.6.dsc
 12c93b7e67d3d8aef92bb8d5cd915da0 76313 utils optional openssl_0.9.8g-15ubuntu3.6.diff.gz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>


More information about the Jaunty-changes mailing list