openssl 0.9.8g-4ubuntu3.15 source package in Ubuntu

Changelog

openssl (0.9.8g-4ubuntu3.15) hardy-security; urgency=low

  * SECURITY UPDATE: ECDSA private key timing attack
    - crypto/ecdsa/ecs_ossl.c: compute with fixed scalar length
    - http://cvs.openssl.org/chngview?cn=20892
    - CVE-2011-1945
  * SECURITY UPDATE: ECDH ciphersuite denial of service
    - ssl/s3_lib.c, file ssl/s3_srvr.c: fix memory usage for thread
      safety
    - http://cvs.openssl.org/chngview?cn=21334
    - CVE-2011-3210
  * SECURITY UPDATE: DTLS plaintext recovery attack (LP: #922229)
    - ssl/d1_pkt.c: perform all computations before discarding messages
    - http://cvs.openssl.org/chngview?cn=21942
    - http://cvs.openssl.org/chngview?cn=19574
    - CVE-2011-4108
  * SECURITY UPDATE: policy check double free vulnerability
    - crypto/x509v3/pcy_map.c, crypto/x509v3/pcy_tree.c: only free
      domain policy in one location
    - http://cvs.openssl.org/chngview?cn=21941
    - CVE-2011-4019
  * SECURITY UPDATE: incorrect elliptic curve computation TLS key
    exposure
    - crypto/bn/bn_nist.c: perform ellyiptic curve computations
      correctly
    - update to http://cvs.openssl.org/fileview?f=openssl/crypto/bn/bn_nist.c&v=1.20
    - CVE-2011-4354
  * SECURITY UPDATE: SSL 3.0 block padding exposure
    - ssl/s3_enc.c: clear bytes used for block padding of SSL 3.0
      records.
    - http://cvs.openssl.org/chngview?cn=21940
    - CVE-2011-4576
  * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
    - crypto/x509v3/v3_addr.c: prevent malformed RFC3779 data
      from triggering an assertion failure
    - http://cvs.openssl.org/chngview?cn=21937
    - CVE-2011-4577
  * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
    - ssl/s3_srvr.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c: Only allow
      one SGC handshake restart for SSL/TLS.
    - CVE-2011-4619
  * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
    - ssl/d1_pkt.c: improve handling of DTLS MAC
    - http://cvs.openssl.org/chngview?cn=22032
    - CVE-2012-0050
  * crypto/ecdsa/ecdsatest.c: fix ECDSA tests
    - http://cvs.openssl.org/chngview?cn=21777
    - http://cvs.openssl.org/chngview?cn=21995
  * debian/libssl0.9.8.postinst: Only issue the reboot notification for
    servers by testing that the X server is not running (LP: #244250)
 -- Steve Beattie <email address hidden>   Tue, 31 Jan 2012 01:46:26 -0800

Upload details

Uploaded by:
Steve Beattie on 2012-01-31
Uploaded to:
Hardy
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
any
Section:
utils
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
openssl_0.9.8g.orig.tar.gz 3.2 MiB acf70a16359bf3658bdfb74bda1c4419
openssl_0.9.8g-4ubuntu3.15.diff.gz 83.9 KiB e6dc02d7a063ab6a2518ee386a42d979
openssl_0.9.8g-4ubuntu3.15.dsc 1.5 KiB 595160a5c9457d93fc9444d0125af9f5

View changes file

Binary packages built by this source

libcrypto0.9.8-udeb: No summary available for libcrypto0.9.8-udeb in ubuntu hardy.

No description available for libcrypto0.9.8-udeb in ubuntu hardy.

libssl-dev: No summary available for libssl-dev in ubuntu hardy.

No description available for libssl-dev in ubuntu hardy.

libssl0.9.8: No summary available for libssl0.9.8 in ubuntu hardy.

No description available for libssl0.9.8 in ubuntu hardy.

libssl0.9.8-dbg: No summary available for libssl0.9.8-dbg in ubuntu hardy.

No description available for libssl0.9.8-dbg in ubuntu hardy.

openssl: No summary available for openssl in ubuntu hardy.

No description available for openssl in ubuntu hardy.

openssl-doc: No summary available for openssl-doc in ubuntu hardy.

No description available for openssl-doc in ubuntu hardy.