Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-proposed/openssl
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

16. By Marc Deslauriers

* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
  - apps/{s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
    ssl_err,ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,
    ssl_locl,tls1}.h: add rfc5746 support. Patch backport thanks to
    Red Hat.
  - CVE-2009-3555

15. By Kees Cook

* SECURITY UPDATE: memory leak possible during state clean-up.
  - crypto/comp/c_zlib.c: upstream fixes applied inline.
  - CVE-2009-4355

14. By Marc Deslauriers

* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
  design flaws.
  - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
  - crypto/x509/x509_vfy.c: skip signature check for self signed
  - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
  - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
  - CVE-2009-2409

13. By Marc Deslauriers

* SECURITY UPDATE: denial of service via memory consumption from large
  number of future epoch DTLS records.
  - crypto/pqueue.*: add new pqueue_size counter function.
  - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
  - http://cvs.openssl.org/chngview?cn=18187
  - CVE-2009-1377
* SECURITY UPDATE: denial of service via memory consumption from
  duplicate or invalid sequence numbers in DTLS records.
  - ssl/d1_both.c: discard message if it's a duplicate or too far in the
  - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
  - CVE-2009-1378
* SECURITY UPDATE: denial of service or other impact via use-after-free
  in dtls1_retrieve_buffered_fragment.
  - ssl/d1_both.c: use temp frag_len instead of freed frag.
  - http://rt.openssl.org/Ticket/Display.html?id=1923
  - CVE-2009-1379
* SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
  that occurs before ClientHello.
  - ssl/s3_pkt.c: abort if s->session is NULL.
  - ssl/{ssl.h,ssl_err.c}: add new error codes.
  - http://cvs.openssl.org/chngview?cn=17369
  - CVE-2009-1386
* SECURITY UPDATE: denial of service via an out-of-sequence DTLS
  handshake message.
  - ssl/d1_both.c: don't buffer fragments with no data.
  - http://cvs.openssl.org/chngview?cn=17958
  - CVE-2009-1387

12. By Jamie Strandboge

* SECURITY UPDATE: crash via invalid memory access when printing BMPString
  or UniversalString with invalid length
  - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
    return error if invalid length
  - CVE-2009-0590
  - http://www.openssl.org/news/secadv_20090325.txt
  - patch from upstream CVS:

11. By Jamie Strandboge

* SECURITY UPDATE: clients treat malformed signatures as good when verifying
  server DSA and ECDSA certificates
  - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
    ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
    ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
  - patch based on upstream patch for #2008-016
  - CVE-2008-5077

10. By Kees Cook

* SECURITY UPDATE: DTLS implementation can lead to remote code execution.
* ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
  fixes backported thanks to Ludwig Nussel.
* References

9. By Kees Cook

[ Jamie Strandboge ]
* SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
  buffer overflow
* ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
  Stephan Hermann
* References:
  Fixes LP: #146269

[ Kees Cook ]
* SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
* crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
* References

8. By Martin Pitt

crypto/dh/dh_key.c: Fix return value to prevent free'ing an uninit'ed

7. By Martin Pitt

* SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
* crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
  an infinite loop in some circumstances. [CVE-2006-2937]
* ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
  handle invalid long cipher list strings. [CVE-2006-3738]
* ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
  avoid client crash with malicious server responses. [CVE-2006-4343]
* Certain types of public key could take disproportionate amounts of time to
  process. Apply patch from Bodo Moeller to impose limits to public key type
  values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
* Updated patch in previous package version to fix a few corner-case
  regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
  were determined to not be necessary).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.