[ubuntu/trusty-security] openssl 1.0.1f-1ubuntu2.19 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue May 3 14:35:55 UTC 2016


openssl (1.0.1f-1ubuntu2.19) trusty-security; urgency=medium

  * SECURITY UPDATE: EVP_EncodeUpdate overflow
    - debian/patches/CVE-2016-2105.patch: properly check lengths in
      crypto/evp/encode.c, add documentation to
      doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
    - CVE-2016-2105
  * SECURITY UPDATE: EVP_EncryptUpdate overflow
    - debian/patches/CVE-2016-2106.patch: fix overflow in
      crypto/evp/evp_enc.c.
    - CVE-2016-2106
  * SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
    - debian/patches/CVE-2016-2107.patch: check that there are enough
      padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c.
    - CVE-2016-2107
  * SECURITY UPDATE: Memory corruption in the ASN.1 encoder
    - debian/patches/CVE-2016-2108-1.patch: don't mishandle zero if it is
      marked as negative in crypto/asn1/a_int.c.
    - debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in
      crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
      crypto/asn1/tasn_enc.c.
    - CVE-2016-2108
  * SECURITY UPDATE: ASN.1 BIO excessive memory allocation
    - debian/patches/CVE-2016-2109.patch: properly handle large amounts of
      data in crypto/asn1/a_d2i_fp.c.
    - CVE-2016-2109
  * debian/patches/min_1024_dh_size.patch: change minimum DH size from 768
    to 1024.

Date: 2016-05-02 16:38:19.713081+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.19
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list