Format: 1.8
Date: Tue, 24 Apr 2012 10:00:29 -0500
Source: openssl098
Binary: libssl0.9.8 libssl0.9.8-dbg libcrypto0.9.8-udeb
Architecture: amd64
Version: 0.9.8o-7ubuntu1.2
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Jamie Strandboge
Description:
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
Changes:
 openssl098 (0.9.8o-7ubuntu1.2) oneiric-security; urgency=low
 .
   * Bring up to date with latest security patches from Ubuntu 11.04:
   * SECURITY UPDATE: ECDSA private key timing attack
     - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length
     - CVE-2011-1945
   * SECURITY UPDATE: ECDH ciphersuite denial of service
     - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety
     - CVE-2011-3210
   * SECURITY UPDATE: DTLS plaintext recovery attack
     - debian/patches/CVE-2011-4108.patch: perform all computations before
       discarding messages
     - CVE-2011-4108
   * SECURITY UPDATE: policy check double free vulnerability
     - debian/patches/CVE-2011-4019.patch: only free domain policy in one
       location
     - CVE-2011-4019
   * SECURITY UPDATE: SSL 3.0 block padding exposure
     - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding
       of SSL 3.0 records.
     - CVE-2011-4576
   * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
     - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data
       from triggering an assertion failure
     - CVE-2011-4577
   * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
     - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
       restart for SSL/TLS.
     - CVE-2011-4619
   * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
     - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
     - CVE-2012-0050
   * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
     headers
     - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
       and mime_param_cmp() to not dereference the compared strings if either
       is NULL
     - CVE-2006-7250
     - CVE-2012-1165
   * SECURITY UPDATE: fix various overflows
     - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
       crypto/buffer.c and crypto/mem.c to verify size of lengths
     - CVE-2012-2110
   * SECURITY UPDATE: incomplete fix for CVE-2012-2110
     - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow
       and BUF_MEM_grow_clean is non-negative
     - CVE-2012-2131
   * debian/patches/CVE-2012-2110b.patch: Use correct error code in
     BUF_MEM_grow_clean()
Checksums-Sha1:
 25d4c9837093b45dd7ed9c58bb667882fb12f7a5 865062 libssl0.9.8_0.9.8o-7ubuntu1.2_amd64.deb
 9edce2b548aeae5d1ae65ef856ac9ee0f7c6f4c8 1653864 libssl0.9.8-dbg_0.9.8o-7ubuntu1.2_amd64.deb
 ab4fda7c9b21fa14ac7e9f0cc7b1cacde4f1432a 622700 libcrypto0.9.8-udeb_0.9.8o-7ubuntu1.2_amd64.udeb
Checksums-Sha256:
 f05d5c3f90bf27abff333b586e0e85db7819ac47ed480297d31de8da0c98f67e 865062 libssl0.9.8_0.9.8o-7ubuntu1.2_amd64.deb
 a05fa56d26eb92009b80effa52d0cf84e6d468c05068996157510e3cba4dc5d5 1653864 libssl0.9.8-dbg_0.9.8o-7ubuntu1.2_amd64.deb
 d859dad37487f692d6ac7e7af7045e7e0fc680527cec490cf06ff0f8c85d1360 622700 libcrypto0.9.8-udeb_0.9.8o-7ubuntu1.2_amd64.udeb
Files:
 e0ae83ee0936b8c55b81cd519114d444 865062 libs important libssl0.9.8_0.9.8o-7ubuntu1.2_amd64.deb
 bb1c75d3be1b2599e31d5d7c090400cc 1653864 debug extra libssl0.9.8-dbg_0.9.8o-7ubuntu1.2_amd64.deb
 c139d41aacb988b63eff5f110333a7c0 622700 debian-installer optional libcrypto0.9.8-udeb_0.9.8o-7ubuntu1.2_amd64.udeb
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb