ubuntu/+source/openssl:ubuntu/trusty-security

Last commit made on 2018-12-06
Get this branch:
git clone -b ubuntu/trusty-security https://git.launchpad.net/ubuntu/+source/openssl
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-security
Repository:
lp:ubuntu/+source/openssl

Recent commits

767f5d2... by Marc Deslauriers on 2018-12-04

Import patches-unapplied version 1.0.1f-1ubuntu2.27 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1cfd5a9fd7b0f6d0ddfea3750bd709efab8c19e2

New changelog entries:
  * SECURITY UPDATE: PortSmash side channel attack
    - debian/patches/CVE-2018-5407.patch: fix timing vulnerability in
      crypto/bn/bn_lib.c, crypto/ec/ec_mult.c.
    - CVE-2018-5407
  * SECURITY UPDATE: timing side channel attack in DSA
    - debian/patches/CVE-2018-0734-pre1.patch: address a timing side
      channel in crypto/dsa/dsa_ossl.c.
    - debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in
      crypto/dsa/dsa_ossl.c.
    - debian/patches/CVE-2018-0734-2.patch: fix mod inverse in
      crypto/dsa/dsa_ossl.c.
    - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
      crypto/dsa/dsa_ossl.c.
    - CVE-2018-0734

1cfd5a9... by Marc Deslauriers on 2018-06-20

Import patches-unapplied version 1.0.1f-1ubuntu2.26 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: d0b2bd46b5e11ff37a538befcfb1436b0c1df1e2

New changelog entries:
  * SECURITY UPDATE: ECDSA key extraction side channel
    - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
      signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
    - CVE-2018-0495
  * SECURITY UPDATE: denial of service via long prime values
    - debian/patches/CVE-2018-0732.patch: reject excessively large primes
      in DH key generation in crypto/dh/dh_key.c.
    - CVE-2018-0732
  * SECURITY UPDATE: RSA cache timing side channel attack
    (previous update was incomplete)
    - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
      BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
      crypto/rsa/rsa_gen.c.
    - CVE-2018-0737

d0b2bd4... by Leonidas S. Barbosa on 2018-04-18

Import patches-unapplied version 1.0.1f-1ubuntu2.25 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7e1c5cd7740a5b05794066cd2e3b9b3292d2f223

New changelog entries:
  * SECURITY UPDATE: Cache timing side channel
    - debian/patches/CVE-2018-0737.patch: ensure BN_mod_inverse
      and BN_mod_exp_mont get called with BN_FLG_CONSTTIME flag set
      in crypto/rsa/rsa_gen.c.
    - CVE-2018-0737

7e1c5cd... by Marc Deslauriers on 2018-03-27

Import patches-unapplied version 1.0.1f-1ubuntu2.24 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: b68973a0b020dccf9ccbcdde5d49666d73a9eee3

New changelog entries:
  * SECURITY UPDATE: DoS via ASN.1 types with a recursive definition
    - debian/patches/CVE-2018-0739.patch: limit stack depth in
      crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c.
    - CVE-2018-0739

b68973a... by Marc Deslauriers on 2017-11-02

Import patches-unapplied version 1.0.1f-1ubuntu2.23 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 2288147a3a12d69dfa0e359807d77f54e6e567b5

New changelog entries:
  * SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read
    - debian/patches/CVE-2017-3735.patch: avoid out-of-bounds read in
      crypto/x509v3/v3_addr.c.
    - CVE-2017-3735

2288147... by Marc Deslauriers on 2017-01-30

Import patches-unapplied version 1.0.1f-1ubuntu2.22 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6676b09c7d3154fe658db460c0a837f06fcb488c

New changelog entries:
  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
      overruns in ssl/s3_srvr.c.
    - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
      extension field length in ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
      calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
    - CVE-2016-2177
  * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
    - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
      crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
      crypto/ecdsa/ecs_ossl.c.
    - CVE-2016-7056
  * SECURITY UPDATE: DoS via warning alerts
    - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
      warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
      ssl/ssl_locl.h.
    - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
      type is received in ssl/s3_pkt.c.
    - CVE-2016-8610
  * SECURITY UPDATE: Truncated packet could crash via OOB read
    - debian/patches/CVE-2017-3731-pre.patch: sanity check
      EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
      crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
      crypto/evp/evp.h, ssl/t1_enc.c.
    - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
      crypto/evp/e_rc4_hmac_md5.c.
    - CVE-2017-3731

6676b09... by Marc Deslauriers on 2016-09-23

Import patches-unapplied version 1.0.1f-1ubuntu2.21 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 8d857f4294631edbbccc8c4e6f8736ed483f6f20

New changelog entries:
  * SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883)
    - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
      check in crypto/bn/bn_print.c.

8d857f4... by Marc Deslauriers on 2016-09-22

Import patches-unapplied version 1.0.1f-1ubuntu2.20 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a94bd715da6b02b1343c2f2c226fed4fefcae57f

New changelog entries:
  * SECURITY UPDATE: Constant time flag not preserved in DSA signing
    - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
      crypto/dsa/dsa_ossl.c.
    - CVE-2016-2178
  * SECURITY UPDATE: DTLS buffered message DoS
    - debian/patches/CVE-2016-2179.patch: fix queue handling in
      ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
      ssl/ssl_locl.h.
    - CVE-2016-2179
  * SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
    - debian/patches/CVE-2016-2180.patch: fix text handling in
      crypto/ts/ts_lib.c.
    - CVE-2016-2180
  * SECURITY UPDATE: DTLS replay protection DoS
    - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
      records in ssl/d1_pkt.c.
    - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
      in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
    - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
    - CVE-2016-2181
  * SECURITY UPDATE: OOB write in BN_bn2dec()
    - debian/patches/CVE-2016-2182.patch: don't overflow buffer in
      crypto/bn/bn_print.c.
    - CVE-2016-2182
  * SECURITY UPDATE: SWEET32 Mitigation
    - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
      to MEDIUM in ssl/s3_lib.c.
    - CVE-2016-2183
  * SECURITY UPDATE: Malformed SHA512 ticket DoS
    - debian/patches/CVE-2016-6302.patch: sanity check ticket length in
      ssl/t1_lib.c.
    - CVE-2016-6302
  * SECURITY UPDATE: OOB write in MDC2_Update()
    - debian/patches/CVE-2016-6303.patch: avoid overflow in
      crypto/mdc2/mdc2dgst.c.
    - CVE-2016-6303
  * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
    - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
      handshake in ssl/t1_lib.c.
    - CVE-2016-6304
  * SECURITY UPDATE: Certificate message OOB reads
    - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
      ssl/s3_srvr.c.
    - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
      larger in ssl/d1_both.c, ssl/s3_both.c.
    - CVE-2016-6306
  * SECURITY REGRESSION: DTLS regression (LP: #1622500)
    - debian/patches/CVE-2014-3571-3.patch: make DTLS always act as if
      read_ahead is set in ssl/s3_pkt.c.
  * debian/patches/update-expired-smime-test-certs.patch: Update test
    certificates that have expired and caused build test failures.

a94bd71... by Marc Deslauriers on 2016-04-28

Import patches-unapplied version 1.0.1f-1ubuntu2.19 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: b50cf40fa9aebb4db8e4b87a3e175bd27079a7f3

New changelog entries:
  * SECURITY UPDATE: EVP_EncodeUpdate overflow
    - debian/patches/CVE-2016-2105.patch: properly check lengths in
      crypto/evp/encode.c, add documentation to
      doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
    - CVE-2016-2105
  * SECURITY UPDATE: EVP_EncryptUpdate overflow
    - debian/patches/CVE-2016-2106.patch: fix overflow in
      crypto/evp/evp_enc.c.
    - CVE-2016-2106
  * SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
    - debian/patches/CVE-2016-2107.patch: check that there are enough
      padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c.
    - CVE-2016-2107
  * SECURITY UPDATE: Memory corruption in the ASN.1 encoder
    - debian/patches/CVE-2016-2108-1.patch: don't mishandle zero if it is
      marked as negative in crypto/asn1/a_int.c.
    - debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in
      crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
      crypto/asn1/tasn_enc.c.
    - CVE-2016-2108
  * SECURITY UPDATE: ASN.1 BIO excessive memory allocation
    - debian/patches/CVE-2016-2109.patch: properly handle large amounts of
      data in crypto/asn1/a_d2i_fp.c.
    - CVE-2016-2109
  * debian/patches/min_1024_dh_size.patch: change minimum DH size from 768
    to 1024.

b50cf40... by Marc Deslauriers on 2016-02-29

Import patches-unapplied version 1.0.1f-1ubuntu2.18 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 97632ff5aeff6a4a0868c9709c19c27418e8f84a

New changelog entries:
  * SECURITY UPDATE: side channel attack on modular exponentiation
    - debian/patches/CVE-2016-0702.patch: use constant-time calculations in
      crypto/bn/asm/x86_64-mont5.pl, crypto/bn/bn_exp.c,
      crypto/perlasm/x86_64-xlate.pl, crypto/constant_time_locl.h.
    - CVE-2016-0702
  * SECURITY UPDATE: double-free in DSA code
    - debian/patches/CVE-2016-0705.patch: fix double-free in
      crypto/dsa/dsa_ameth.c.
    - CVE-2016-0705
  * SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
    - debian/patches/CVE-2016-0797.patch: prevent overflow in
      crypto/bn/bn_print.c, crypto/bn/bn.h.
    - CVE-2016-0797
  * SECURITY UPDATE: memory leak in SRP database lookups
    - debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and
      introduce new SRP_VBASE_get1_by_user function that handled seed
      properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c,
      util/libeay.num, openssl.ld.
    - CVE-2016-0798
  * SECURITY UPDATE: memory issues in BIO_*printf functions
    - debian/patches/CVE-2016-0799.patch: prevent overflow in
      crypto/bio/b_print.c.
    - CVE-2016-0799
  * debian/patches/preserve_digests_for_sni.patch: preserve negotiated
    digests for SNI when SSL_set_SSL_CTX is called in ssl/ssl_lib.c.
    (LP: #1550643)