lp:ubuntu/vivid/openssl

Branch merges

Propose for merging

1 branch proposed for merging into this one.

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

111. By Marc Deslauriers on 2015-03-19

* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293

110. By Marc Deslauriers on 2015-01-09

* SECURITY UPDATE: denial of service via unexpected handshake when
  no-ssl3 build option is used (not the default)
  - debian/patches/CVE-2014-3569.patch: keep the old method for now in
    ssl/s23_srvr.c.
  - CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
  - debian/patches/CVE-2014-3570.patch: fix bignum logic in
    crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c,
    crypto/bn/bn_asm.c, removed crypto/bn/asm/mips3.s, added test to
    crypto/bn/bntest.c.
  - CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
  - debian/patches/CVE-2014-3571-1.patch: fix crash in ssl/d1_pkt.c,
    ssl/s3_pkt.c.
  - debian/patches/CVE-2014-3571-2.patch: make code more obvious in
    ssl/d1_pkt.c.
  - CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
  - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
    ssl/s3_clnt.c.
  - CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
  - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
    crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
    crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
    crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
    crypto/x509/x_all.c.
  - CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
  - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
    export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
    ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
    doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
  - CVE-2015-0204
* SECURITY UPDATE: DH client certificates accepted without verification
  - debian/patches/CVE-2015-0205.patch: prevent use of DH client
    certificates without sending certificate verify message in
    ssl/s3_srvr.c.
  - CVE-2015-0205
* SECURITY UPDATE: DTLS memory leak in dtls1_buffer_record
  - debian/patches/CVE-2015-0206.patch: properly handle failures in
    ssl/d1_pkt.c.
  - CVE-2015-0206

109. By Marc Deslauriers on 2014-10-16

* SECURITY UPDATE: denial of service via DTLS SRTP memory leak
  - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
    ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
    util/ssleay.num.
  - CVE-2014-3513
* SECURITY UPDATE: denial of service via session ticket integrity check
  memory leak
  - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
  - CVE-2014-3567
* SECURITY UPDATE: fix the no-ssl3 build option
  - debian/patches/CVE-2014-3568.patch: fix conditional code in
    ssl/s23_clnt.c, ssl/s23_srvr.c.
  - CVE-2014-3568
* SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
  protocol downgrade attack to SSLv3 that exposes the POODLE attack.
  - debian/patches/tls_fallback_scsv_support.patch: added support for
    TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
    ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
    ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
    ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
    doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

108. By Colin Watson on 2014-09-26

Backport collected POWER8 optimisations from upstream (LP: #1290579).

107. By Marc Deslauriers on 2014-08-07

* SECURITY UPDATE: double free when processing DTLS packets
  - debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
  - CVE-2014-3505
* SECURITY UPDATE: DTLS memory exhaustion
  - debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
    checks in ssl/d1_both.c.
  - CVE-2014-3506
* SECURITY UPDATE: DTLS memory leak from zero-length fragments
  - debian/patches/CVE-2014-3507.patch: fix memory leak and return codes
    in ssl/d1_both.c.
  - CVE-2014-3507
* SECURITY UPDATE: information leak in pretty printing functions
  - debian/patches/CVE-2014-3508.patch: fix OID handling in
    crypto/asn1/a_object.c, crypto/objects/obj_dat.c.
  - CVE-2014-3508
* SECURITY UPDATE: race condition in ssl_parse_serverhello_tlsext
  - debian/patches/CVE-2014-3509.patch: fix race in ssl/t1_lib.c.
  - CVE-2014-3509
* SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
  - debian/patches/CVE-2014-3510.patch: check for server certs in
    ssl/d1_clnt.c, ssl/s3_clnt.c.
  - CVE-2014-3510
* SECURITY UPDATE: TLS protocol downgrade attack
  - debian/patches/CVE-2014-3511.patch: properly handle fragments in
    ssl/s23_srvr.c.
  - CVE-2014-3511
* SECURITY UPDATE: SRP buffer overrun
  - debian/patches/CVE-2014-3512.patch: check parameters in
    crypto/srp/srp_lib.c.
  - CVE-2014-3512
* SECURITY UPDATE: crash with SRP ciphersuite in Server Hello message
  - debian/patches/CVE-2014-5139.patch: fix SRP authentication and make
    sure ciphersuite is set up correctly in ssl/s3_clnt.c, ssl/ssl_lib.c,
    ssl/s3_lib.c, ssl/ssl.h, ssl/ssl_ciph.c, ssl/ssl_locl.h.
  - CVE-2014-5139

106. By Marc Deslauriers on 2014-06-20

* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.

105. By Marc Deslauriers on 2014-06-12

* SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
  - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
    tls_session_secret_cb for session resumption in ssl/s3_clnt.c.

104. By Marc Deslauriers on 2014-06-05

* SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
  - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
    fragments in ssl/d1_both.c.
  - CVE-2014-0195
* SECURITY UPDATE: denial of service via DTLS recursion flaw
  - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
    recursion in ssl/d1_both.c.
  - CVE-2014-0221
* SECURITY UPDATE: MITM via change cipher spec
  - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
    when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
    ssl/ssl3.h.
  - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
    secrets in ssl/s3_pkt.c.
  - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
    ssl/s3_clnt.c.
  - CVE-2014-0224
* SECURITY UPDATE: denial of service via ECDH null session cert
  - debian/patches/CVE-2014-3470.patch: check session_cert is not NULL
    before dereferencing it in ssl/s3_clnt.c.
  - CVE-2014-3470

103. By Marc Deslauriers on 2014-05-02

* SECURITY UPDATE: denial of service via use after free
  - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
    releasing buffers in ssl/s3_pkt.c.
  - CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
  - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
    one in ssl/s3_pkt.c.
  - CVE-2014-0198

102. By Marc Deslauriers on 2014-04-07

* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
  - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
    crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
    util/libeay.num.
  - CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
  - debian/patches/CVE-2014-0160.patch: use correct lengths in
    ssl/d1_both.c, ssl/t1_lib.c.
  - CVE-2014-0160