openssl 0.9.8g-4ubuntu3.15 source package in Ubuntu


openssl (0.9.8g-4ubuntu3.15) hardy-security; urgency=low

  * SECURITY UPDATE: ECDSA private key timing attack
    - crypto/ecdsa/ecs_ossl.c: compute with fixed scalar length
    - CVE-2011-1945
  * SECURITY UPDATE: ECDH ciphersuite denial of service
    - ssl/s3_lib.c, file ssl/s3_srvr.c: fix memory usage for thread
    - CVE-2011-3210
  * SECURITY UPDATE: DTLS plaintext recovery attack (LP: #922229)
    - ssl/d1_pkt.c: perform all computations before discarding messages
    - CVE-2011-4108
  * SECURITY UPDATE: policy check double free vulnerability
    - crypto/x509v3/pcy_map.c, crypto/x509v3/pcy_tree.c: only free
      domain policy in one location
    - CVE-2011-4019
  * SECURITY UPDATE: incorrect elliptic curve computation TLS key
    - crypto/bn/bn_nist.c: perform elliptic curve computations
    - update to
    - CVE-2011-4354
  * SECURITY UPDATE: SSL 3.0 block padding exposure
    - ssl/s3_enc.c: clear bytes used for block padding of SSL 3.0
    - CVE-2011-4576
  * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
    - crypto/x509v3/v3_addr.c: prevent malformed RFC3779 data
      from triggering an assertion failure
    - CVE-2011-4577
  * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
    - ssl/s3_srvr.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c: Only allow
      one SGC handshake restart for SSL/TLS.
    - CVE-2011-4619
  * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
    - ssl/d1_pkt.c: improve handling of DTLS MAC
    - CVE-2012-0050
  * crypto/ecdsa/ecdsatest.c: fix ECDSA tests
  * debian/libssl0.9.8.postinst: Only issue the reboot notification for
    servers by testing that the X server is not running (LP: #244250)
 -- Steve Beattie <email address hidden>   Tue, 31 Jan 2012 01:46:26 -0800

Upload details

Uploaded by: Steve Beattie on 2012-01-31
Uploaded to:
Original maintainer: Ubuntu Developers
Low Urgency

File                                Size      MD5 Checksum
openssl_0.9.8g.orig.tar.gz          3.2 MiB   acf70a16359bf3658bdfb74bda1c4419
openssl_0.9.8g-4ubuntu3.15.diff.gz  83.9 KiB  e6dc02d7a063ab6a2518ee386a42d979
openssl_0.9.8g-4ubuntu3.15.dsc      1.5 KiB   595160a5c9457d93fc9444d0125af9f5

Binary packages built by this source

libcrypto0.9.8-udeb: crypto shared library - udeb

 libcrypto shared library.
 Do not install it on a normal system.

libssl-dev: SSL development libraries, header files and documentation

 libssl and libcrypto development libraries, header files and manpages.
 It is part of the OpenSSL implementation of SSL.

libssl0.9.8: SSL shared libraries

 libssl and libcrypto shared libraries needed by programs like
 apache-ssl, telnet-ssl and openssh.
 It is part of the OpenSSL implementation of SSL.

libssl0.9.8-dbg: Symbol tables for libssl and libcrypto

 This package is part of the OpenSSL implementation of SSL.

openssl: Secure Socket Layer (SSL) binary and related cryptographic tools

 This package contains the openssl binary and related tools.
 It is part of the OpenSSL implementation of SSL.
 You need it to perform certain cryptographic actions like:
  - Creation of RSA, DH and DSA key parameters;
  - Creation of X.509 certificates, CSRs and CRLs;
  - Calculation of message digests;
  - Encryption and decryption with ciphers;
  - SSL/TLS client and server tests;
  - Handling of S/MIME signed or encrypted mail.

openssl-doc: Secure Socket Layer (SSL) documentation

 This package contains the OpenSSL documentation.
 It is part of the OpenSSL implementation of SSL.