[ubuntu/wily-updates] openssl 1.0.2d-0ubuntu1.4 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Mar 1 15:28:20 UTC 2016
openssl (1.0.2d-0ubuntu1.4) wily-security; urgency=medium
* SECURITY UPDATE: side channel attack on modular exponentiation
- debian/patches/CVE-2016-0702.patch: use constant-time calculations in
crypto/bn/asm/rsaz-avx2.pl, crypto/bn/asm/rsaz-x86_64.pl,
crypto/bn/asm/x86_64-mont.pl, crypto/bn/asm/x86_64-mont5.pl,
crypto/bn/bn_exp.c.
- CVE-2016-0702
* SECURITY UPDATE: double-free in DSA code
- debian/patches/CVE-2016-0705.patch: fix double-free in
crypto/dsa/dsa_ameth.c.
- CVE-2016-0705
* SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- debian/patches/CVE-2016-0797.patch: prevent overflow in
crypto/bn/bn_print.c, crypto/bn/bn.h.
- CVE-2016-0797
* SECURITY UPDATE: memory leak in SRP database lookups
- debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and
introduce new SRP_VBASE_get1_by_user function that handled seed
properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c,
util/libeay.num, openssl.ld.
- CVE-2016-0798
* SECURITY UPDATE: memory issues in BIO_*printf functions
- debian/patches/CVE-2016-0799.patch: prevent overflow in
crypto/bio/b_print.c.
- CVE-2016-0799
Date: 2016-02-29 18:05:19.697655+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Wily-changes
mailing list