lp://staging/ubuntu/karmic-security/openssl
- Get this branch:
- bzr branch lp://staging/ubuntu/karmic-security/openssl
Branch merges
Branch information
Recent revisions
- 38. By Steve Beattie
-
* SECURITY UPDATE: ciphersuite downgrade vulnerability
- ssl/s3_clnt.c, ssl/s3_srvr.c: disable workaround for Netscape
cipher suite bug
- http://openssl. org/news/ secadv_ 20101202. txt
- CVE-2010-4180 - 37. By Steve Beattie
-
* SECURITY UPDATE: TLS race condition leading to a buffer overflow and
possible code execution. (LP: #676243)
- ssl/t1_lib.c: stricter NULL/not-NULL checking
- http://openssl. org/news/ secadv_ 20101116. txt
- CVE-2010-3864 - 36. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
unchecked bn_wexpand return values. (LP: #655884)
- crypto/bn/{bn_ mul,bn_ div,bn_ gf2m}.c, crypto/ ec/ec2_ smpl.c,
engines/e_ubsec. c: check return values.
- http://cvs.openssl. org/chngview? cn=18936
- http://cvs.openssl. org/chngview? cn=19309
- CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
crafted private key with an invalid prime.
- ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
- http://<email address hidden>/msg28049. html
- CVE-2010-2939 - 35. By Marc Deslauriers
-
* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
- apps/{s_cb,s_client, s_server} .c, doc/ssl/ SSL_CTX_ set_options. pod,
ssl/{d1_both, d1_clnt, d1_srvr, s3_both, s3_clnt, s3_pkt, s3_srvr, ssl_err,
ssl_lib,t1_ lib,t1_ reneg}. c, ssl/Makefile, ssl/{ssl3, ssl,ssl_ locl,
tls1}.h: backport rfc5746 support from openssl 0.9.8m.
- CVE-2009-3555 - 34. By Kees Cook
-
* SECURITY UPDATE: memory leak possible during state clean-up.
- crypto/comp/c_ zlib.c: upstream fixes applied inline.
- CVE-2009-4355 - 33. By Marc Deslauriers
-
* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
design flaws.
- crypto/evp/c_alld. c, ssl/ssl_algs.c: disable MD2 digest.
- crypto/x509/x509_ vfy.c: skip signature check for self signed
certificates
- http://marc.info/ ?l=openssl- cvs&m=124508133 203041& w=2
- http://marc.info/ ?l=openssl- cvs&m=124704528 713852& w=2
- CVE-2009-2409 - 32. By Jamie Strandboge
-
* Patches forward ported from http://
www.ubuntu. com/usn/ USN-792- 1 (by
Marc Deslauriers)
* SECURITY UPDATE: denial of service via memory consumption from large
number of future epoch DTLS records.
- crypto/pqueue.*: add new pqueue_size counter function.
- ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
- http://cvs.openssl. org/chngview? cn=18187
- CVE-2009-1377
* SECURITY UPDATE: denial of service via memory consumption from
duplicate or invalid sequence numbers in DTLS records.
- ssl/d1_both.c: discard message if it's a duplicate or too far in the
future.
- http://marc.info/ ?l=openssl- dev&m=124263491 424212& w=2
- CVE-2009-1378
* SECURITY UPDATE: denial of service or other impact via use-after-free
in dtls1_retrieve_buffered_ fragment.
- ssl/d1_both.c: use temp frag_len instead of freed frag.
- http://rt.openssl. org/Ticket/ Display. html?id= 1923&user= guest&pass= guest
- CVE-2009-1379
* SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
that occurs before ClientHello.
- ssl/s3_pkt.c: abort if s->session is NULL.
- ssl/{ssl.h,ssl_err. c}: add new error codes.
- http://cvs.openssl. org/chngview? cn=17369
- CVE-2009-1386
* SECURITY UPDATE: denial of service via an out-of-sequence DTLS
handshake message.
- ssl/d1_both.c: don't buffer fragments with no data.
- http://cvs.openssl. org/chngview? cn=17958
- CVE-2009-1387 - 31. By Jamie Strandboge
-
* Merge from debian unstable, remaining changes:
- Link using -Bsymbolic-functions
- Add support for lpia
- Disable SSLv2 during compile
- Ship documentation in openssl-doc, suggested by the package.
- Use a different priority for libssl0.9.8/restart- services
depending on whether a desktop, or server dist-upgrade is being
performed.
- Display a system restart required notification bubble on libssl0.9.8
upgrade.
- Replace duplicate files in the doc directory with symlinks. - 30. By Jamie Strandboge
-
* SECURITY UPDATE: crash via invalid memory access when printing BMPString
or UniversalString with invalid length
- crypto/asn1/tasn_ dec.c, crypto/ asn1/asn1_ err.c and crypto/asn1/asn1.h:
return error if invalid length
- CVE-2009-0590
- http://www.openssl. org/news/ secadv_ 20090325. txt
- patch from upstream CVS:
crypto/asn1/asn1. h:1.128. 2.11->1. 128.2.12
crypto/asn1/asn1_ err.c:1. 54.2.4- >1.54.2. 5
crypto/asn1/tasn_ dec.c:1. 26.2.10- >1.26.2. 11 - 29. By Colin Watson
-
Move runtime libraries to /lib, for the benefit of wpasupplicant
(LP: #44194). Leave symlinks behind in /usr/lib (except on the Hurd)
since we used to set an rpath there.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/lucid/openssl