Branches for Trusty

Name Status Last Modified Last Commit
lp:ubuntu/trusty/openssl bug 2 Mature 2014-04-07 15:37:53 UTC 2014-04-07
102. * SECURITY UPDATE: side-channel attac...

Author: Marc Deslauriers
Revision Date: 2014-04-07 15:37:53 UTC

* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
  - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
    crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
    util/libeay.num.
  - CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
  - debian/patches/CVE-2014-0160.patch: use correct lengths in
    ssl/d1_both.c, ssl/t1_lib.c.
  - CVE-2014-0160

lp:ubuntu/trusty-security/openssl bug 2 Mature 2015-06-11 07:34:23 UTC 2015-06-11
112. * SECURITY IMPROVEMENT: reject dh key...

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:34:23 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

lp:ubuntu/trusty-updates/openssl 2 Mature 2015-06-11 07:34:23 UTC 2015-06-11
112. * SECURITY IMPROVEMENT: reject dh key...

Author: Marc Deslauriers
Revision Date: 2015-06-11 07:34:23 UTC

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
    crypto/bn/bn_gf2m.c.
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  X509_cmp_time
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
    crypto/x509/x509_vfy.c.
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
    crypto/pkcs7/pk7_doit.c.
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
    ssl/ssl_sess.c.
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
    ssl/ssl_sess.c.
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
    crypto/cms/cms_smime.c.
  - CVE-2015-1792

lp:ubuntu/trusty-proposed/openssl 1 Development 2014-04-07 15:37:53 UTC 2014-04-07
102. * SECURITY UPDATE: side-channel attac...

Author: Marc Deslauriers
Revision Date: 2014-04-07 15:37:53 UTC

* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
  - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
    crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
    util/libeay.num.
  - CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
  - debian/patches/CVE-2014-0160.patch: use correct lengths in
    ssl/d1_both.c, ssl/t1_lib.c.
  - CVE-2014-0160

14 of 4 results