[ubuntu/vivid-proposed] openssl 1.0.1f-1ubuntu11 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Mar 19 15:06:16 UTC 2015


openssl (1.0.1f-1ubuntu11) vivid; urgency=medium

  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

Date: Thu, 19 Mar 2015 10:07:13 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2015 10:07:13 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.1f-1ubuntu11
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Checksums-Sha1:
 03b52d5331d72d4e92fea8a72995ecc781f3b50a 2421 openssl_1.0.1f-1ubuntu11.dsc
 c29b29a2fac135b648efe562ec9e3e758651c9ce 158772 openssl_1.0.1f-1ubuntu11.debian.tar.xz
Checksums-Sha256:
 efc226358f5b7601f98daddf9f149fa6fd9e76fe2465692324a933830be2c35a 2421 openssl_1.0.1f-1ubuntu11.dsc
 fd3a36a4ddfdcc5ec3cce94a07c7e29da971686daf47d79b6460205f2cb5ecc6 158772 openssl_1.0.1f-1ubuntu11.debian.tar.xz
Files:
 a2a251ee340f6d89b6583522c747268b 2421 utils optional openssl_1.0.1f-1ubuntu11.dsc
 741588908c3bfeb6840ad68ad326fb83 158772 utils optional openssl_1.0.1f-1ubuntu11.debian.tar.xz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
