[ubuntu/xenial-security] openssl 1.0.2g-1ubuntu4.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue May 3 14:35:58 UTC 2016
openssl (1.0.2g-1ubuntu4.1) xenial-security; urgency=medium
* SECURITY UPDATE: EVP_EncodeUpdate overflow
- debian/patches/CVE-2016-2105.patch: properly check lengths in
crypto/evp/encode.c, add documentation to
doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
- CVE-2016-2105
* SECURITY UPDATE: EVP_EncryptUpdate overflow
- debian/patches/CVE-2016-2106.patch: fix overflow in
crypto/evp/evp_enc.c.
- CVE-2016-2106
* SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
- debian/patches/CVE-2016-2107.patch: check that there are enough
padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c,
crypto/evp/e_aes_cbc_hmac_sha256.c.
- CVE-2016-2107
* SECURITY UPDATE: Memory corruption in the ASN.1 encoder
- debian/patches/CVE-2016-2108.patch: fix ASN1_INTEGER handling in
crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
crypto/asn1/tasn_enc.c.
- CVE-2016-2108
* SECURITY UPDATE: ASN.1 BIO excessive memory allocation
- debian/patches/CVE-2016-2109.patch: properly handle large amounts of
data in crypto/asn1/a_d2i_fp.c.
- CVE-2016-2109
Date: 2016-05-02 16:36:26.231732+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list