Copied from
ubuntu vivid in
Private PPA for Ubuntu Security Team
by Ubuntu Archive Robot
Changelog
openssl (1.0.1f-1ubuntu11.4) vivid-security; urgency=medium
* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
- debian/patches/reject_small_dh.patch: reject small dh keys in
ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
invalid free in DTLS
- debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
- CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
- debian/patches/CVE-2015-1788.patch: improve logic in
crypto/bn/bn_gf2m.c.
- CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
X509_cmp_time
- debian/patches/CVE-2015-1789.patch: properly parse time format in
crypto/x509/x509_vfy.c.
- CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
- debian/patches/CVE-2015-1790.patch: handle NULL data_body in
crypto/pkcs7/pk7_doit.c.
- CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
- debian/patches/CVE-2015-1791.patch: create a new session in
ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
ssl/ssl_sess.c.
- debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
ssl/ssl_sess.c.
- debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
ssl/ssl_sess.c.
- CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
- debian/patches/CVE-2015-1792.patch: fix infinite loop in
crypto/cms/cms_smime.c.
- CVE-2015-1792
-- Marc Deslauriers <email address hidden> Thu, 11 Jun 2015 07:10:41 -0400