openssl 0.9.8g-4ubuntu3.7 source package in Ubuntu

Changelog

openssl (0.9.8g-4ubuntu3.7) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

 -- Marc Deslauriers <email address hidden>   Thu, 11 Jun 2009 10:26:30 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2009-06-11
Uploaded to:
Hardy
Original maintainer:
Ubuntu Development Team
Component:
main
Architectures:
any
Section:
utils
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
openssl_0.9.8g.orig.tar.gz 3.2 MiB acf70a16359bf3658bdfb74bda1c4419
openssl_0.9.8g-4ubuntu3.7.diff.gz 55.6 KiB cff78d7149ed0b5299b6dbcebe172449
openssl_0.9.8g-4ubuntu3.7.dsc 920 bytes 5d1a9093f06b84fcff699f1cf3edc607

View changes file

Binary packages built by this source

libcrypto0.9.8-udeb: No summary available for libcrypto0.9.8-udeb in ubuntu hardy.

No description available for libcrypto0.9.8-udeb in ubuntu hardy.

libssl-dev: No summary available for libssl-dev in ubuntu hardy.

No description available for libssl-dev in ubuntu hardy.

libssl0.9.8: No summary available for libssl0.9.8 in ubuntu hardy.

No description available for libssl0.9.8 in ubuntu hardy.

libssl0.9.8-dbg: No summary available for libssl0.9.8-dbg in ubuntu hardy.

No description available for libssl0.9.8-dbg in ubuntu hardy.

openssl: No summary available for openssl in ubuntu hardy.

No description available for openssl in ubuntu hardy.

openssl-doc: No summary available for openssl-doc in ubuntu hardy.

No description available for openssl-doc in ubuntu hardy.