Format: 1.7
Date: Tue, 31 Jan 2012 01:46:26 -0800
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: hppa_translations hppa
Version: 0.9.8g-4ubuntu3.15
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/hppa Build Daemon
Changed-By: Steve Beattie
Description:
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Launchpad-Bugs-Fixed: 244250 922229
Changes:
 openssl (0.9.8g-4ubuntu3.15) hardy-security; urgency=low
 .
   * SECURITY UPDATE: ECDSA private key timing attack
     - crypto/ecdsa/ecs_ossl.c: compute with fixed scalar length
     - http://cvs.openssl.org/chngview?cn=20892
     - CVE-2011-1945
   * SECURITY UPDATE: ECDH ciphersuite denial of service
     - ssl/s3_lib.c, file ssl/s3_srvr.c: fix memory usage for thread safety
     - http://cvs.openssl.org/chngview?cn=21334
     - CVE-2011-3210
   * SECURITY UPDATE: DTLS plaintext recovery attack (LP: #922229)
     - ssl/d1_pkt.c: perform all computations before discarding messages
     - http://cvs.openssl.org/chngview?cn=21942
     - http://cvs.openssl.org/chngview?cn=19574
     - CVE-2011-4108
   * SECURITY UPDATE: policy check double free vulnerability
     - crypto/x509v3/pcy_map.c, crypto/x509v3/pcy_tree.c: only free
       domain policy in one location
     - http://cvs.openssl.org/chngview?cn=21941
     - CVE-2011-4019
   * SECURITY UPDATE: incorrect elliptic curve computation TLS key exposure
     - crypto/bn/bn_nist.c: perform elliptic curve computations correctly
     - update to http://cvs.openssl.org/fileview?f=openssl/crypto/bn/bn_nist.c&v=1.20
     - CVE-2011-4354
   * SECURITY UPDATE: SSL 3.0 block padding exposure
     - ssl/s3_enc.c: clear bytes used for block padding of SSL 3.0 records.
     - http://cvs.openssl.org/chngview?cn=21940
     - CVE-2011-4576
   * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
     - crypto/x509v3/v3_addr.c: prevent malformed RFC3779 data from
       triggering an assertion failure
     - http://cvs.openssl.org/chngview?cn=21937
     - CVE-2011-4577
   * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
     - ssl/s3_srvr.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c: Only allow
       one SGC handshake restart for SSL/TLS.
     - CVE-2011-4619
   * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
     - ssl/d1_pkt.c: improve handling of DTLS MAC
     - http://cvs.openssl.org/chngview?cn=22032
     - CVE-2012-0050
   * crypto/ecdsa/ecdsatest.c: fix ECDSA tests
     - http://cvs.openssl.org/chngview?cn=21777
     - http://cvs.openssl.org/chngview?cn=21995
   * debian/libssl0.9.8.postinst: Only issue the reboot notification for
     servers by testing that the X server is not running (LP: #244250)
Files:
 ad1465c37510494bc93c5ccc5b46b645 17319 raw-translations - openssl_0.9.8g-4ubuntu3.15_hppa_translations.tar.gz
 57694503c2c3b0627719c8660e7ed25f 404458 utils optional openssl_0.9.8g-4ubuntu3.15_hppa.deb
 df21089f8cb566c2607ac48e34d4f73b 963176 libs important libssl0.9.8_0.9.8g-4ubuntu3.15_hppa.deb
 1c649e361d74e32e04c1f9a576c241a4 628376 debian-installer optional libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.15_hppa.udeb
 e81671c5a46d653103b4d308d991750f 2136922 libdevel optional libssl-dev_0.9.8g-4ubuntu3.15_hppa.deb
 054a984bf21f602fce8cb07fb969d7aa 1539458 libdevel extra libssl0.9.8-dbg_0.9.8g-4ubuntu3.15_hppa.deb
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb