[ubuntu/trusty-security] openssl 1.0.1f-1ubuntu2.26 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jun 26 11:33:35 UTC 2018
openssl (1.0.1f-1ubuntu2.26) trusty-security; urgency=medium
* SECURITY UPDATE: ECDSA key extraction side channel
- debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
- CVE-2018-0495
* SECURITY UPDATE: denial of service via long prime values
- debian/patches/CVE-2018-0732.patch: reject excessively large primes
in DH key generation in crypto/dh/dh_key.c.
- CVE-2018-0732
* SECURITY UPDATE: RSA cache timing side channel attack
(previous update was incomplete)
- debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
crypto/rsa/rsa_gen.c.
- CVE-2018-0737
Date: 2018-06-20 12:24:28.832906+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.26
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list