Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/precise-security/openssl
Members of Ubuntu branches can upload to this branch.

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

97. By Marc Deslauriers

* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
  - debian/patches/reject_small_dh.patch: reject small dh keys in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
    doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
    dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod,
    switch default dh to 2048-bit in apps/dhparam.c, apps/gendh.c.
* SECURITY UPDATE: denial of service and possible code execution via
  invalid free in DTLS
  - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
  - CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
  - debian/patches/CVE-2015-1788.patch: improve logic in
  - CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
  - debian/patches/CVE-2015-1789.patch: properly parse time format in
  - CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
  - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
  - CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
  - debian/patches/CVE-2015-1791.patch: create a new session in
    ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
  - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
  - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
  - CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
  - debian/patches/CVE-2015-1792.patch: fix infinite loop in
  - CVE-2015-1792

96. By Marc Deslauriers

* SECURITY IMPROVEMENT: Disable EXPORT ciphers by default
  - debian/patches/disable_export_ciphers.patch: remove export ciphers
    from the DEFAULT cipher list in ssl/ssl.h, ssl/ssl_ciph.c,

95. By Marc Deslauriers

debian/patches/tls12_client_env.patch: Re-enable TLSv1.2 support on the
client by default. For problematic setups, it can be disabled again by
setting OPENSSL_NO_CLIENT_TLS1_2 in the environment during library
initialization. (LP: #1442970)

94. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
  - CVE-2015-0293

93. By Marc Deslauriers

* SECURITY UPDATE: denial of service via unexpected handshake when
  no-ssl3 build option is used (not the default)
  - debian/patches/CVE-2014-3569.patch: keep the old method for now in
  - CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
  - debian/patches/CVE-2014-3570.patch: fix bignum logic in
    crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c,
    crypto/bn/bn_asm.c, removed crypto/bn/asm/mips3.s, added test to
  - CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
  - debian/patches/CVE-2014-3571-1.patch: fix crash in ssl/d1_pkt.c,
  - debian/patches/CVE-2014-3571-2.patch: make code more obvious in
  - CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
  - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
  - CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
  - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
    crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
    crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
    crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
  - CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
  - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
    export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
    ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
  - CVE-2015-0204
* SECURITY UPDATE: DTLS memory leak in dtls1_buffer_record
  - debian/patches/CVE-2015-0206.patch: properly handle failures in
  - CVE-2015-0206
* debian/patches/CVE-2015-0205.patch: fix code to prevent confusion in

92. By Marc Deslauriers

* SECURITY UPDATE: denial of service via DTLS SRTP memory leak
  - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
    ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
  - CVE-2014-3513
* SECURITY UPDATE: denial of service via session ticket integrity check
  memory leak
  - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
  - CVE-2014-3567
* SECURITY UPDATE: fix the no-ssl3 build option
  - debian/patches/CVE-2014-3568.patch: fix conditional code in
    ssl/s23_clnt.c, ssl/s23_srvr.c.
  - CVE-2014-3568
  protocol downgrade attack to SSLv3 that exposes the POODLE attack.
  - debian/patches/tls_fallback_scsv_support.patch: added support for
    TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
    ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
    ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
    ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
    doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

91. By Marc Deslauriers

* SECURITY IMPROVEMENT: remove cipher length limitation that was set to
  work around problematic servers when using TLSv1.2 back in 2012.
  (LP: #1376447)
  - Although TLSv1.2 is disabled for clients by default, forcing it
    enabled would truncate the cipher list, possibly removing important
    ciphers, and was also breaking secure renegotiations.
  - debian/patches/tls12_workarounds.patch: remove
    OPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 from Configure.

90. By Marc Deslauriers

* SECURITY UPDATE: double free when processing DTLS packets
  - debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
  - CVE-2014-3505
* SECURITY UPDATE: DTLS memory exhaustion
  - debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
    checks in ssl/d1_both.c.
  - CVE-2014-3506
* SECURITY UPDATE: DTLS memory leak from zero-length fragments
  - debian/patches/CVE-2014-3507.patch: fix memory leak and return codes
    in ssl/d1_both.c.
  - CVE-2014-3507
* SECURITY UPDATE: information leak in pretty printing functions
  - debian/patches/CVE-2014-3508.patch: fix OID handling in
    crypto/asn1/a_object.c, crypto/objects/obj_dat.c.
  - CVE-2014-3508
* SECURITY UPDATE: race condition in ssl_parse_serverhello_tlsext
  - debian/patches/CVE-2014-3509.patch: fix race in ssl/t1_lib.c.
  - CVE-2014-3509
* SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
  - debian/patches/CVE-2014-3510.patch: check for server certs in
    ssl/d1_clnt.c, ssl/s3_clnt.c.
  - CVE-2014-3510
* SECURITY UPDATE: TLS protocol downgrade attack
  - debian/patches/CVE-2014-3511.patch: properly handle fragments in
  - CVE-2014-3511
* SECURITY UPDATE: SRP buffer overrun
  - debian/patches/CVE-2014-3512.patch: check parameters in
  - CVE-2014-3512
* SECURITY UPDATE: crash with SRP ciphersuite in Server Hello message
  - debian/patches/CVE-2014-5139.patch: fix SRP authentication and make
    sure ciphersuite is set up correctly in ssl/s3_clnt.c, ssl/ssl_lib.c,
    ssl/s3_lib.c, ssl/ssl.h, ssl/ssl_ciph.c, ssl/ssl_locl.h.
  - CVE-2014-5139

89. By Marc Deslauriers

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished in ssl/s3_clnt.c.

88. By Marc Deslauriers

* SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
  - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
    tls_session_secret_cb for session resumption in ssl/s3_clnt.c.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.