lp:ubuntu/dapper-proposed/openssl
- Get this branch:
- bzr branch lp:ubuntu/dapper-proposed/openssl
Recent revisions
- 16. By Marc Deslauriers
-
* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
- apps/{s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
ssl/{d1_both,d1_clnt,d1_srvr,s23_clnt,s3_both,s3_clnt,s3_pkt,s3_srvr,
ssl_err,ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,
ssl_locl,tls1}.h: add rfc5746 support. Patch backport thanks to
Red Hat.
- CVE-2009-3555
- 15. By Kees Cook
-
* SECURITY UPDATE: memory leak possible during state clean-up.
- crypto/comp/c_zlib.c: upstream fixes applied inline.
- CVE-2009-4355
- 14. By Marc Deslauriers
-
* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
design flaws.
- crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
- crypto/x509/x509_vfy.c: skip signature check for self signed
certificates
- http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
- http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
- CVE-2009-2409
- 13. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via memory consumption from large
number of future epoch DTLS records.
- crypto/pqueue.*: add new pqueue_size counter function.
- ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
- http://cvs.openssl.org/chngview?cn=18187
- CVE-2009-1377
* SECURITY UPDATE: denial of service via memory consumption from
duplicate or invalid sequence numbers in DTLS records.
- ssl/d1_both.c: discard message if it's a duplicate or too far in the
future.
- http://marc.info/?l=openssl-dev&m=124263491424212&w=2
- CVE-2009-1378
* SECURITY UPDATE: denial of service or other impact via use-after-free
in dtls1_retrieve_buffered_fragment.
- ssl/d1_both.c: use temp frag_len instead of freed frag.
- http://rt.openssl.org/Ticket/Display.html?id=1923
- CVE-2009-1379
* SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
that occurs before ClientHello.
- ssl/s3_pkt.c: abort if s->session is NULL.
- ssl/{ssl.h,ssl_err.c}: add new error codes.
- http://cvs.openssl.org/chngview?cn=17369
- CVE-2009-1386
* SECURITY UPDATE: denial of service via an out-of-sequence DTLS
handshake message.
- ssl/d1_both.c: don't buffer fragments with no data.
- http://cvs.openssl.org/chngview?cn=17958
- CVE-2009-1387
- 12. By Jamie Strandboge
-
* SECURITY UPDATE: crash via invalid memory access when printing BMPString
or UniversalString with invalid length
- crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
return error if invalid length
- CVE-2009-0590
- http://www.openssl.org/news/secadv_20090325.txt
- patch from upstream CVS:
crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11
- 11. By Jamie Strandboge
-
* SECURITY UPDATE: clients treat malformed signatures as good when verifying
server DSA and ECDSA certificates
- update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
- patch based on upstream patch for #2008-016
- CVE-2008-5077
- 10. By Kees Cook
-
* SECURITY UPDATE: DTLS implementation can lead to remote code execution.
* ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
fixes backported thanks to Ludwig Nussel.
* References
http://www.openssl.org/news/secadv_20071012.txt
CVE-2007-4995
- 9. By Kees Cook
-
[ Jamie Strandboge ]
* SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
buffer overflow
* ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
Stephan Hermann
* References:
CVE-2007-5135
http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
Fixes LP: #146269
[ Kees Cook ]
* SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
* crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
* References
CVE-2007-3108
- 7. By Martin Pitt
-
* SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
* crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
an infinite loop in some circumstances. [CVE-2006-2937]
* ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
handle invalid long cipher list strings. [CVE-2006-3738]
* ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
avoid client crash with malicious server responses. [CVE-2006-4343]
* Certain types of public key could take disproportionate amounts of time to
process. Apply patch from Bodo Moeller to impose limits to public key type
values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
* Updated patch in previous package version to fix a few corner-case
regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
were determined to not be necessary).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/maverick/openssl