openssl 0.9.8g-4ubuntu3.7 source package in Ubuntu

Changelog

openssl (0.9.8g-4ubuntu3.7) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

 -- Marc Deslauriers <email address hidden>   Thu, 11 Jun 2009 10:26:30 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2009-06-11
Uploaded to:
Hardy
Original maintainer:
Ubuntu Development Team
Architectures:
any
Section:
utils
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
openssl_0.9.8g.orig.tar.gz 3.2 MiB 0e26886845de95716c9f1b9b75c0e06e9d4075d2bdc9e11504eaa5f7ee901cf0
openssl_0.9.8g-4ubuntu3.7.diff.gz 55.6 KiB 526ea1d63193106b7466bb60993763738f52b456a1ce9596eeb709ea13f19b27
openssl_0.9.8g-4ubuntu3.7.dsc 920 bytes 54a10e315c05c9bd88d6888e72636489697208ccb3fe28e9a9d0b7346ed6eb9a

View changes file

Binary packages built by this source

libcrypto0.9.8-udeb: No summary available for libcrypto0.9.8-udeb in ubuntu hardy.

No description available for libcrypto0.9.8-udeb in ubuntu hardy.

libssl-dev: No summary available for libssl-dev in ubuntu hardy.

No description available for libssl-dev in ubuntu hardy.

libssl0.9.8: No summary available for libssl0.9.8 in ubuntu hardy.

No description available for libssl0.9.8 in ubuntu hardy.

libssl0.9.8-dbg: No summary available for libssl0.9.8-dbg in ubuntu hardy.

No description available for libssl0.9.8-dbg in ubuntu hardy.

openssl: No summary available for openssl in ubuntu hardy.

No description available for openssl in ubuntu hardy.

openssl-doc: No summary available for openssl-doc in ubuntu hardy.

No description available for openssl-doc in ubuntu hardy.