[ubuntu/precise-updates] openssl 1.0.1-4ubuntu5.11 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jan 9 20:58:21 UTC 2014
openssl (1.0.1-4ubuntu5.11) precise-security; urgency=low
* SECURITY UPDATE: denial of service via invalid TLS handshake
- debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
ssl/s3_both.c.
- CVE-2013-4353
* SECURITY UPDATE: denial of service via incorrect data structure
- debian/patches/CVE-2013-6449.patch: check for handshake digests in
ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
ssl/s3_lib.c.
- CVE-2013-6449
* SECURITY UPDATE: denial of service via DTLS retransmission
- debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
ssl/ssl_locl.h,ssl/t1_enc.c.
- CVE-2013-6450
* debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
default unless explicitly requested.
Date: 2014-01-08 20:39:14.247046+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/precise/+source/openssl/1.0.1-4ubuntu5.11
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list