[ubuntu/zesty-proposed] openssl 1.0.2g-1ubuntu11 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Jan 30 15:22:17 UTC 2017


openssl (1.0.2g-1ubuntu11) zesty; urgency=medium

  * SECURITY UPDATE: Montgomery multiplication may produce incorrect
    results
    - debian/patches/CVE-2016-7055.patch: fix logic in
      crypto/bn/asm/x86_64-mont.pl.
    - CVE-2016-7055
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731
  * SECURITY UPDATE: BN_mod_exp may produce incorrect results on x86_64
    - debian/patches/CVE-2017-3732.patch: fix carry bug in
      bn_sqr8x_internal in crypto/bn/asm/x86_64-mont5.pl.
    - CVE-2017-3732

Date: Mon, 30 Jan 2017 09:00:43 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu11
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Jan 2017 09:00:43 -0500
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl1.0-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.2g-1ubuntu11
Distribution: zesty
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0-dev - Secure Sockets Layer toolkit - metapackage
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.2g-1ubuntu11) zesty; urgency=medium
 .
   * SECURITY UPDATE: Montgomery multiplication may produce incorrect
     results
     - debian/patches/CVE-2016-7055.patch: fix logic in
       crypto/bn/asm/x86_64-mont.pl.
     - CVE-2016-7055
   * SECURITY UPDATE: DoS via warning alerts
     - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
       warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
       ssl/ssl_locl.h.
     - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
       type is received in ssl/s3_pkt.c.
     - CVE-2016-8610
   * SECURITY UPDATE: Truncated packet could crash via OOB read
     - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
       crypto/evp/e_rc4_hmac_md5.c.
     - CVE-2017-3731
   * SECURITY UPDATE: BN_mod_exp may produce incorrect results on x86_64
     - debian/patches/CVE-2017-3732.patch: fix carry bug in
       bn_sqr8x_internal in crypto/bn/asm/x86_64-mont5.pl.
     - CVE-2017-3732
Checksums-Sha1:
 e08cb7f03ea2ab7042f0b67662f1d46fbbbf00c6 2492 openssl_1.0.2g-1ubuntu11.dsc
 dd876fe2c99937344c7f30107f1184beda1c3e7a 109704 openssl_1.0.2g-1ubuntu11.debian.tar.xz
Checksums-Sha256:
 4fee937cdba364881eab56ba1f428c94a462af7d7a61cafb4189cef9a3fd8461 2492 openssl_1.0.2g-1ubuntu11.dsc
 0dac44ec3526dd1f62b67f9e0e6504628e0e58c9bca640d558b119ba80a71a24 109704 openssl_1.0.2g-1ubuntu11.debian.tar.xz
Files:
 2b6869c917d79029d2d0fce60a70aff3 2492 utils optional openssl_1.0.2g-1ubuntu11.dsc
 5daa58758983de61d2146465f7f36bd0 109704 utils optional openssl_1.0.2g-1ubuntu11.debian.tar.xz
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

