ubuntu/+source/openssl:applied/ubuntu/precise-updates

Last commit made on 2017-01-31
Get this branch:
git clone -b applied/ubuntu/precise-updates https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/precise-updates
Repository:
lp:ubuntu/+source/openssl

Recent commits

c421712... by Marc Deslauriers on 2017-01-30

Import patches-applied version 1.0.1-4ubuntu5.39 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 12d1e853c5b11fc4cda49470581f216e95dbd2a8
Unapplied parent: 5f929762255950fc32fc232ed526c344e884ab68

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
      overruns in ssl/s3_srvr.c.
    - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
      extension field length in ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
      calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
    - CVE-2016-2177
  * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
    - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
      crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
      crypto/ecdsa/ecs_ossl.c.
    - CVE-2016-7056
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731-pre.patch: sanity check
      EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
      crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
      crypto/evp/evp.h, ssl/t1_enc.c.
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731

5f92976... by Marc Deslauriers on 2017-01-30

[PATCH] crypto/evp: harden RC4_MD5 cipher.

Gbp-Pq: CVE-2017-3731.patch.

02e560c... by Marc Deslauriers on 2017-01-30

[PATCH] Sanity check EVP_CTRL_AEAD_TLS_AAD

Gbp-Pq: CVE-2017-3731-pre.patch.

e4428ad... by Marc Deslauriers on 2017-01-30

[PATCH] Fail if an unrecognised record type is received

Gbp-Pq: CVE-2016-8610-2.patch.

27f3582... by Marc Deslauriers on 2017-01-30

[PATCH] Don't allow too many consecutive warning alerts

Gbp-Pq: CVE-2016-8610.patch.

5aa278f... by Marc Deslauriers on 2017-01-30

[PATCH] Reserve option to use BN_mod_exp_mont_consttime in ECDSA.

Gbp-Pq: CVE-2016-7056.patch.

5799c12... by Marc Deslauriers on 2017-01-30

[PATCH] Avoid some undefined pointer arithmetic

Gbp-Pq: CVE-2016-2177.patch.

0c51bc5... by Marc Deslauriers on 2017-01-30

[PATCH] Change functions to pass in a limit rather than calculate it

Gbp-Pq: CVE-2016-2177-pre3.patch.

a2f8ef7... by Marc Deslauriers on 2017-01-30

[PATCH] Validate ClientHello extension field length

Gbp-Pq: CVE-2016-2177-pre2.patch.

b0a2e4f... by Marc Deslauriers on 2017-01-30

[PATCH] Check for ClientHello message overruns

Gbp-Pq: CVE-2016-2177-pre.patch.