Format: 1.8
Date: Thu, 22 Sep 2016 08:22:22 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: amd64 all amd64_translations
Version: 1.0.2g-1ubuntu4.4
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.2g-1ubuntu4.4) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: Pointer arithmetic undefined behaviour
     - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
       arithmetic in ssl/s3_srvr.c, ssl/ssl_sess.c, ssl/t1_lib.c.
     - CVE-2016-2177
   * SECURITY UPDATE: Constant time flag not preserved in DSA signing
     - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
       crypto/dsa/dsa_ossl.c.
     - CVE-2016-2178
   * SECURITY UPDATE: DTLS buffered message DoS
     - debian/patches/CVE-2016-2179.patch: fix queue handling in
       ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
       ssl/ssl_locl.h.
     - CVE-2016-2179
   * SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
     - debian/patches/CVE-2016-2180.patch: fix text handling in
       crypto/ts/ts_lib.c.
     - CVE-2016-2180
   * SECURITY UPDATE: DTLS replay protection DoS
     - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
       records in ssl/d1_pkt.c.
     - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
       in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
     - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
     - CVE-2016-2181
   * SECURITY UPDATE: OOB write in BN_bn2dec()
     - debian/patches/CVE-2016-2182.patch: don't overflow buffer in
       crypto/bn/bn_print.c.
     - CVE-2016-2182
   * SECURITY UPDATE: SWEET32 Mitigation
     - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
       to MEDIUM in ssl/s3_lib.c.
     - CVE-2016-2183
   * SECURITY UPDATE: Malformed SHA512 ticket DoS
     - debian/patches/CVE-2016-6302.patch: sanity check ticket length in
       ssl/t1_lib.c.
     - CVE-2016-6302
   * SECURITY UPDATE: OOB write in MDC2_Update()
     - debian/patches/CVE-2016-6303.patch: avoid overflow in
       crypto/mdc2/mdc2dgst.c.
     - CVE-2016-6303
   * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
     - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
       handshake in ssl/t1_lib.c.
     - CVE-2016-6304
   * SECURITY UPDATE: Certificate message OOB reads
     - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
       ssl/s3_srvr.c.
     - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
       larger in ssl/d1_both.c, ssl/s3_both.c.
     - CVE-2016-6306
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb