Ubuntu

“openssl” 0.9.8g-4ubuntu3.19 source package in The Hardy Heron

Publishing history

0.9.8g-4ubuntu3.19
SUPERSEDED: Hardy pocket Updates in component main and section utils
  • Removed from disk on 2013-02-27.
  • Removal requested on 2013-02-22.
  • Superseded on 2013-02-21 by openssl - 0.9.8g-4ubuntu3.20
  • Published on 2012-05-24
  • Copied from ubuntu hardy in Private PPA for Ubuntu Security Team
0.9.8g-4ubuntu3.19
SUPERSEDED: Hardy pocket Security in component main and section utils
  • Removed from disk on 2013-02-27.
  • Removal requested on 2013-02-22.
  • Superseded on 2013-02-21 by openssl - 0.9.8g-4ubuntu3.20
  • Published on 2012-05-24
  • Copied from ubuntu hardy in Private PPA for Ubuntu Security Team

Builds

Changelog

openssl (0.9.8g-4ubuntu3.19) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service attack in DTLS implementation
    - ssl/d1_enc.c: guard for integer overflow before skipping
      explicit IV
    - http://cvs.openssl.org/chngview?cn=22558
    - CVE-2012-2333
  * SECURITY UPDATE: million message attack (MMA) in CMS
    - crypto/pkcs7/pk7_doit.c: use a random key if RSA decryption
      fails to avoid leaking timing information
    - http://cvs.openssl.org/chngview?cn=22238
    - CVE-2012-0884
  * crypto/pkcs7/pk7_smime.c: detect symmetric crypto errors in
    PKCS7_decrypt
    - http://cvs.openssl.org/chngview?cn=22161
 -- Steve Beattie <email address hidden>   Tue, 22 May 2012 12:46:37 -0700