Ubuntu
openssl package

lp:ubuntu/dapper-updates/openssl

  1. Dapper (6.06)
  2. dapper-updates
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-updates/openssl
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

18. By Steve Beattie

* SECURITY UPDATE: ciphersuite downgrade vulnerability
  - ssl/s3_clnt.c, ssl/s3_srvr.c: disable workaround for Netscape
    cipher suite bug
  - http://openssl.org/news/secadv_20101202.txt
  - CVE-2010-4180

17. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  unchecked bn_wexpand return values. (LP: #655884)
  - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
    engines/e_ubsec.c: check return values.
  - http://cvs.openssl.org/chngview?cn=18936
  - http://cvs.openssl.org/chngview?cn=19309
  - CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
  crafted private key with an invalid prime.
  - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
  - http://<email address hidden>/msg28049.html
  - CVE-2010-2939

16. By Marc Deslauriers

* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
  - apps/{s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod,
    ssl/{d1_both,d1_clnt,d1_srvr,s23_clnt,s3_both,s3_clnt,s3_pkt,s3_srvr,
    ssl_err,ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,
    ssl_locl,tls1}.h: add rfc5746 support. Patch backport thanks to
    Red Hat.
  - CVE-2009-3555

15. By Kees Cook

* SECURITY UPDATE: memory leak possible during state clean-up.
  - crypto/comp/c_zlib.c: upstream fixes applied inline.
  - CVE-2009-4355

14. By Marc Deslauriers

* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
  design flaws.
  - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
  - crypto/x509/x509_vfy.c: skip signature check for self signed
    certificates
  - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
  - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
  - CVE-2009-2409

13. By Marc Deslauriers

* SECURITY UPDATE: denial of service via memory consumption from large
  number of future epoch DTLS records.
  - crypto/pqueue.*: add new pqueue_size counter function.
  - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
  - http://cvs.openssl.org/chngview?cn=18187
  - CVE-2009-1377
* SECURITY UPDATE: denial of service via memory consumption from
  duplicate or invalid sequence numbers in DTLS records.
  - ssl/d1_both.c: discard message if it's a duplicate or too far in the
    future.
  - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
  - CVE-2009-1378
* SECURITY UPDATE: denial of service or other impact via use-after-free
  in dtls1_retrieve_buffered_fragment.
  - ssl/d1_both.c: use temp frag_len instead of freed frag.
  - http://rt.openssl.org/Ticket/Display.html?id=1923
  - CVE-2009-1379
* SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
  that occurs before ClientHello.
  - ssl/s3_pkt.c: abort if s->session is NULL.
  - ssl/{ssl.h,ssl_err.c}: add new error codes.
  - http://cvs.openssl.org/chngview?cn=17369
  - CVE-2009-1386
* SECURITY UPDATE: denial of service via an out-of-sequence DTLS
  handshake message.
  - ssl/d1_both.c: don't buffer fragments with no data.
  - http://cvs.openssl.org/chngview?cn=17958
  - CVE-2009-1387

12. By Jamie Strandboge

* SECURITY UPDATE: crash via invalid memory access when printing BMPString
  or UniversalString with invalid length
  - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
    return error if invalid length
  - CVE-2009-0590
  - http://www.openssl.org/news/secadv_20090325.txt
  - patch from upstream CVS:
    crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
    crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
    crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

11. By Jamie Strandboge

* SECURITY UPDATE: clients treat malformed signatures as good when verifying
  server DSA and ECDSA certificates
  - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
    ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
    ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
  - patch based on upstream patch for #2008-016
  - CVE-2008-5077

10. By Kees Cook

* SECURITY UPDATE: DTLS implementation can lead to remote code execution.
* ssl/{ssl_err,d1_both}.c, ssl/{dtls1,ssl}.h: patched inline with upstream
  fixes backported thanks to Ludwig Nussel.
* References
  http://www.openssl.org/news/secadv_20071012.txt
  CVE-2007-4995

9. By Kees Cook

[ Jamie Strandboge ]
* SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
  buffer overflow
* ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
  Stephan Hermann
* References:
  CVE-2007-5135
  http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
  Fixes LP: #146269

[ Kees Cook ]
* SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
* crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
* References
  CVE-2007-3108

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/openssl
This branch contains Public information 
Everyone can see this information.

Subscribers