Format: 1.8
Date: Wed, 20 Jun 2018 07:38:22 -0400
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.2g-1ubuntu4.13
Distribution: xenial-security
Urgency: medium
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.2g-1ubuntu4.13) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: ECDSA key extraction side channel
     - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
       signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
     - CVE-2018-0495
   * SECURITY UPDATE: denial of service via long prime values
     - debian/patches/CVE-2018-0732.patch: reject excessively large primes
       in DH key generation in crypto/dh/dh_key.c.
     - CVE-2018-0732
   * SECURITY UPDATE: RSA cache timing side channel attack (previous update
     was incomplete)
     - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
       crypto/rsa/rsa_gen.c.
     - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
       BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
       crypto/rsa/rsa_gen.c.
     - CVE-2018-0737
Checksums-Sha1:
 e303cd1e2b4feccb8ba8a47555d2c4889846cfe4 2453 openssl_1.0.2g-1ubuntu4.13.dsc
 ade8197cf342fd67dfa6cff605495af91ded1163 125124 openssl_1.0.2g-1ubuntu4.13.debian.tar.xz
Checksums-Sha256:
 e2583bf1ea68c4ed1d92b09f9471d4e6c965bb232037e5dc5de8fccfc3093263 2453 openssl_1.0.2g-1ubuntu4.13.dsc
 43b6beb40533cc53595d4410be427fb2ff9d6e859f0ff4a73e21c49b45d6bcd5 125124 openssl_1.0.2g-1ubuntu4.13.debian.tar.xz
Files:
 7a0f7c0da286b72f3378e8bdd7603bce 2453 utils optional openssl_1.0.2g-1ubuntu4.13.dsc
 f09728f0612e53365cb601474803c016 125124 utils optional openssl_1.0.2g-1ubuntu4.13.debian.tar.xz
Original-Maintainer: Debian OpenSSL Team