Format: 1.7
Date: Tue, 31 Jan 2012 01:46:26 -0800
Source: openssl
Binary: openssl openssl-doc libssl0.9.8 libcrypto0.9.8-udeb libssl-dev libssl0.9.8-dbg
Architecture: ia64_translations ia64
Version: 0.9.8g-4ubuntu3.15
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/ia64 Build Daemon
Changed-By: Steve Beattie
Description:
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
 openssl-doc - Secure Socket Layer (SSL) documentation
Launchpad-Bugs-Fixed: 244250 922229
Changes:
 openssl (0.9.8g-4ubuntu3.15) hardy-security; urgency=low
 .
   * SECURITY UPDATE: ECDSA private key timing attack
     - crypto/ecdsa/ecs_ossl.c: compute with fixed scalar length
     - http://cvs.openssl.org/chngview?cn=20892
     - CVE-2011-1945
   * SECURITY UPDATE: ECDH ciphersuite denial of service
     - ssl/s3_lib.c, file ssl/s3_srvr.c: fix memory usage for thread safety
     - http://cvs.openssl.org/chngview?cn=21334
     - CVE-2011-3210
   * SECURITY UPDATE: DTLS plaintext recovery attack (LP: #922229)
     - ssl/d1_pkt.c: perform all computations before discarding messages
     - http://cvs.openssl.org/chngview?cn=21942
     - http://cvs.openssl.org/chngview?cn=19574
     - CVE-2011-4108
   * SECURITY UPDATE: policy check double free vulnerability
     - crypto/x509v3/pcy_map.c, crypto/x509v3/pcy_tree.c: only free domain
       policy in one location
     - http://cvs.openssl.org/chngview?cn=21941
     - CVE-2011-4019
   * SECURITY UPDATE: incorrect elliptic curve computation TLS key exposure
     - crypto/bn/bn_nist.c: perform elliptic curve computations correctly
     - update to http://cvs.openssl.org/fileview?f=openssl/crypto/bn/bn_nist.c&v=1.20
     - CVE-2011-4354
   * SECURITY UPDATE: SSL 3.0 block padding exposure
     - ssl/s3_enc.c: clear bytes used for block padding of SSL 3.0 records.
     - http://cvs.openssl.org/chngview?cn=21940
     - CVE-2011-4576
   * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
     - crypto/x509v3/v3_addr.c: prevent malformed RFC3779 data from
       triggering an assertion failure
     - http://cvs.openssl.org/chngview?cn=21937
     - CVE-2011-4577
   * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
     - ssl/s3_srvr.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c: Only allow one
       SGC handshake restart for SSL/TLS.
     - CVE-2011-4619
   * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
     - ssl/d1_pkt.c: improve handling of DTLS MAC
     - http://cvs.openssl.org/chngview?cn=22032
     - CVE-2012-0050
   * crypto/ecdsa/ecdsatest.c: fix ECDSA tests
     - http://cvs.openssl.org/chngview?cn=21777
     - http://cvs.openssl.org/chngview?cn=21995
   * debian/libssl0.9.8.postinst: Only issue the reboot notification for
     servers by testing that the X server is not running (LP: #244250)
Files:
 14b524ea331be69b8bb8c30f273ff405 17409 raw-translations - openssl_0.9.8g-4ubuntu3.15_ia64_translations.tar.gz
 01bb9efdc2213e3d2abf69b46cddba97 471822 utils optional openssl_0.9.8g-4ubuntu3.15_ia64.deb
 88f47f774c6921f733455e4575545e15 1247774 libs important libssl0.9.8_0.9.8g-4ubuntu3.15_ia64.deb
 74d4ab2b73725a7909dee5c70adf887a 829922 debian-installer optional libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.15_ia64.udeb
 283b6c6767072223ad87b334db262a9f 2503090 libdevel optional libssl-dev_0.9.8g-4ubuntu3.15_ia64.deb
 2285fb1b3ea5e3afa3c1f58fca7ac8c8 1531102 libdevel extra libssl0.9.8-dbg_0.9.8g-4ubuntu3.15_ia64.deb
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb