Publishing details
Changelog
openssl (1.0.2g-1ubuntu11.2~ubuntu16.04.1~c42.ppa1) xenial; urgency=medium
* No-change backport to xenial
openssl (1.0.2g-1ubuntu11.2) zesty; urgency=medium
* aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
(LP: #1674399)
openssl (1.0.2g-1ubuntu11.1) zesty; urgency=medium
* crypto/x86*cpuid.pl: move extended feature detection. (LP: #1674399)
This fix moves extended feature detection past basic feature
detection where it belongs. 32-bit counterpart is harmonized too.
openssl (1.0.2g-1ubuntu11) zesty; urgency=medium
* SECURITY UPDATE: Montgomery multiplication may produce incorrect
results
- debian/patches/CVE-2016-7055.patch: fix logic in
crypto/bn/asm/x86_64-mont.pl.
- CVE-2016-7055
* SECURITY UPDATE: DoS via warning alerts
- debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
ssl/ssl_locl.h.
- debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
type is received in ssl/s3_pkt.c.
- CVE-2016-8610
* SECURITY UPDATE: Truncated packet could crash via OOB read
- debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
crypto/evp/e_rc4_hmac_md5.c.
- CVE-2017-3731
* SECURITY UPDATE: BN_mod_exp may produce incorrect results on x86_64
- debian/patches/CVE-2017-3732.patch: fix carry bug in
bn_sqr8x_internal in crypto/bn/asm/x86_64-mont5.pl.
- CVE-2017-3732
openssl (1.0.2g-1ubuntu10) zesty; urgency=medium
* Provide libssl1.0-dev metapackage to satisfy dep-waits.
openssl (1.0.2g-1ubuntu9) yakkety; urgency=medium
* SECURITY UPDATE: Pointer arithmetic undefined behaviour
- debian/patches/CVE-2016-2177.patch: avoid undefined pointer
arithmetic in ssl/s3_srvr.c, ssl/ssl_sess.c, ssl/t1_lib.c.
- CVE-2016-2177
* SECURITY UPDATE: Constant time flag not preserved in DSA signing
- debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
crypto/dsa/dsa_ossl.c.
- CVE-2016-2178
* SECURITY UPDATE: DTLS buffered message DoS
- debian/patches/CVE-2016-2179.patch: fix queue handling in
ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
ssl/ssl_locl.h.
- CVE-2016-2179
* SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
- debian/patches/CVE-2016-2180.patch: fix text handling in
crypto/ts/ts_lib.c.
- CVE-2016-2180
* SECURITY UPDATE: DTLS replay protection DoS
- debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
records in ssl/d1_pkt.c.
- debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
- debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
- CVE-2016-2181
* SECURITY UPDATE: OOB write in BN_bn2dec()
- debian/patches/CVE-2016-2182.patch: don't overflow buffer in
crypto/bn/bn_print.c.
- debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
check in crypto/bn/bn_print.c.
- CVE-2016-2182
* SECURITY UPDATE: SWEET32 Mitigation
- debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
to MEDIUM in ssl/s3_lib.c.
- CVE-2016-2183
* SECURITY UPDATE: Malformed SHA512 ticket DoS
- debian/patches/CVE-2016-6302.patch: sanity check ticket length in
ssl/t1_lib.c.
- CVE-2016-6302
* SECURITY UPDATE: OOB write in MDC2_Update()
- debian/patches/CVE-2016-6303.patch: avoid overflow in
crypto/mdc2/mdc2dgst.c.
- CVE-2016-6303
* SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
- debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
handshake in ssl/t1_lib.c.
- CVE-2016-6304
* SECURITY UPDATE: Certificate message OOB reads
- debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
ssl/s3_srvr.c.
- debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
larger in ssl/d1_both.c, ssl/s3_both.c.
- CVE-2016-6306
openssl (1.0.2g-1ubuntu8) yakkety; urgency=medium
* Remove unused FIPS patches for now. (LP: #1594748, LP: #1593953,
LP: #1591797, LP: #1588524)
openssl (1.0.2g-1ubuntu7) yakkety; urgency=medium
* Cherry-pick s390x assembly pack bugfix to cache capability query
results for improved performance. LP: #1601836.
openssl (1.0.2g-1ubuntu6) yakkety; urgency=medium
* Enable asm optimisations on s390x. LP: #1602655.
openssl (1.0.2g-1ubuntu5) yakkety; urgency=medium
* SECURITY UPDATE: EVP_EncodeUpdate overflow
- debian/patches/CVE-2016-2105.patch: properly check lengths in
crypto/evp/encode.c, add documentation to
doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
- CVE-2016-2105
* SECURITY UPDATE: EVP_EncryptUpdate overflow
- debian/patches/CVE-2016-2106.patch: fix overflow in
crypto/evp/evp_enc.c.
- CVE-2016-2106
* SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
- debian/patches/CVE-2016-2107.patch: check that there are enough
padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c,
crypto/evp/e_aes_cbc_hmac_sha256.c.
- CVE-2016-2107
* SECURITY UPDATE: Memory corruption in the ASN.1 encoder
- debian/patches/CVE-2016-2108.patch: fix ASN1_INTEGER handling in
crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
crypto/asn1/tasn_enc.c.
- CVE-2016-2108
* SECURITY UPDATE: ASN.1 BIO excessive memory allocation
- debian/patches/CVE-2016-2109.patch: properly handle large amounts of
data in crypto/asn1/a_d2i_fp.c.
- CVE-2016-2109
-- <email address hidden> (H.-Dirk Schmitt) Wed, 23 Aug 2017 23:23:40 +0200
Builds
Built packages
-
libcrypto1.0.0-udeb
Secure Sockets Layer toolkit - libcrypto udeb
-
libssl-dev
Secure Sockets Layer toolkit - development files
-
libssl-doc
Secure Sockets Layer toolkit - development documentation
-
libssl1.0-dev
Secure Sockets Layer toolkit - metapackage
-
libssl1.0.0
Secure Sockets Layer toolkit - shared libraries
-
libssl1.0.0-dbg
Secure Sockets Layer toolkit - debug information
-
libssl1.0.0-udeb
ssl shared library - udeb
-
openssl
Secure Sockets Layer toolkit - cryptographic utility
Package files