lp://staging/ubuntu/lucid-security/openssl
- Get this branch:
- bzr branch lp://staging/ubuntu/lucid-security/openssl
Branch merges
Branch information
Recent revisions
- 61. By Marc Deslauriers
* SECURITY UPDATE: denial of service and possible memory corruption via
  malformed EC private key
  - debian/patches/CVE-2015-0209.patch: fix use after free in
    crypto/ec/ec_asn1.c.
  - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
    freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
  - CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
  - debian/patches/CVE-2015-0286.patch: handle boolean types in
    crypto/asn1/a_type.c.
  - CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
  - debian/patches/CVE-2015-0287.patch: free up structures in
    crypto/asn1/tasn_dec.c.
  - CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
  - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
    crypto/x509/x509_req.c.
  - CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
  PKCS#7 parsing
  - debian/patches/CVE-2015-0289.patch: handle missing content in
    crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
  - CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
  decoding
  - debian/patches/CVE-2015-0292.patch: prevent underflow in
    crypto/evp/encode.c.
  - CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
  - debian/patches/CVE-2015-0293.patch: check key lengths in
    ssl/s2_lib.c, ssl/s2_srvr.c.
  - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
    ssl/s2_srvr.c.
  - CVE-2015-0293

- 60. By Marc Deslauriers
* SECURITY UPDATE: denial of service via unexpected handshake when
  no-ssl3 build option is used (not the default)
  - debian/patches/CVE-2014-3569.patch: keep the old method for now in
    ssl/s23_srvr.c.
  - CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
  - debian/patches/CVE-2014-3570.patch: fix bignum logic in
    crypto/bn/asm/mips3.s, crypto/bn/asm/x86_64-gcc.c,
    crypto/bn/bn_asm.c, added test to crypto/bn/bntest.c.
  - CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
  - debian/patches/CVE-2014-3571.patch: fix crash in ssl/d1_pkt.c,
    ssl/s3_pkt.c.
  - CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
  - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
    ssl/s3_clnt.c.
  - CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
  - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
    crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
    crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
    crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
    crypto/x509/x_all.c, util/libeay.num.
  - CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
  - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
    export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
    ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
    doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
  - CVE-2015-0204

- 59. By Marc Deslauriers
* SECURITY UPDATE: denial of service via session ticket integrity check
  memory leak
  - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
  - CVE-2014-3567
* SECURITY UPDATE: fix the no-ssl3 build option
  - debian/patches/CVE-2014-3568.patch: fix conditional code in
    ssl/s23_clnt.c, ssl/s23_srvr.c.
  - CVE-2014-3568
* SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
  protocol downgrade attack to SSLv3 that exposes the POODLE attack.
  - debian/patches/tls_fallback_scsv_support.patch: added support for
    TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
    ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
    ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
    ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
    ssl/ssl_locl.h, doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

- 58. By Marc Deslauriers
* SECURITY UPDATE: Properly fix stateless session support (LP: #1356843)
  - fixes regression introduced with fix_renegotiation.patch.
  - debian/patches/fix_stateless_session.patch: added two commits from
    git to properly handle stateless sessions in ssl/s3_srvr.c,
    ssl/ssl_asn1.c, ssl/t1_lib.c.

- 57. By Marc Deslauriers
* SECURITY UPDATE: double free when processing DTLS packets
  - debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
  - CVE-2014-3505
* SECURITY UPDATE: DTLS memory exhaustion
  - debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
    checks in ssl/d1_both.c.
  - CVE-2014-3506
* SECURITY UPDATE: information leak in pretty printing functions
  - debian/patches/CVE-2014-3508.patch: fix OID handling in
    crypto/asn1/a_object.c, crypto/objects/obj_dat.c, crypto/asn1/asn1.h,
    crypto/asn1/asn1_err.c.
  - CVE-2014-3508
* SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
  - debian/patches/CVE-2014-3510.patch: check for server certs in
    ssl/d1_clnt.c, ssl/s3_clnt.c.
  - CVE-2014-3510
* SECURITY UPDATE: TLS protocol downgrade attack
  - debian/patches/CVE-2014-3511.patch: properly handle fragments in
    ssl/s23_srvr.c.
  - CVE-2014-3511

- 56. By Marc Deslauriers
* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
  - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
    sending finished ssl/s3_clnt.c.

- 55. By Marc Deslauriers
* SECURITY UPDATE: MITM via change cipher spec
  - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
    when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
    ssl/ssl3.h.
  - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
    secrets in ssl/s3_pkt.c.
  - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
    ssl/s3_clnt.c.
  - debian/patches/fix_renegotiation.patch: add upstream commit to fix
    renegotiation in ssl/s3_clnt.c, ssl/t1_lib.c.
  - CVE-2014-0224
* SECURITY UPDATE: denial of service via DTLS recursion flaw
  - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
    recursion in ssl/d1_both.c.
  - CVE-2014-0221

- 54. By Seth Arnold
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
  (LP: #1187195)
  - CVE-2012-4929
  - debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
    zlib to compress SSL/TLS unless the environment variable
    OPENSSL_DEFAULT_ZLIB is set in the environment during library
    initialization.
  - Introduced to assist with programs not yet updated to provide their own
    controls on compression, such as Postfix
  - http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch

- 53. By Marc Deslauriers
* SECURITY UPDATE: denial of service via invalid OCSP key
  - debian/patches/CVE-2013-0166.patch: properly handle NULL key in
    crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
  - CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
  - debian/patches/CVE-2013-0169.patch: massive code changes
  - CVE-2013-0169

- 52. By Steve Beattie
* SECURITY UPDATE: denial of service attack in DTLS implementation
  - debian/patches/CVE_2012-2333.patch: guard for integer overflow
    before skipping explicit IV
  - CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
  - debian/patches/CVE-2012-0884.patch: use a random key if RSA
    decryption fails to avoid leaking timing information
  - CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
  errors in PKCS7_decrypt and initialize tkeylen properly when
  encrypting CMS messages.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/maverick/openssl