-
openssl (0.9.8k-7ubuntu8.27) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service and possible memory corruption via
malformed EC private key
- debian/patches/CVE-2015-0209.patch: fix use after free in
crypto/ec/ec_asn1.c.
- debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
- CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
- debian/patches/CVE-2015-0286.patch: handle boolean types in
crypto/asn1/a_type.c.
- CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
- debian/patches/CVE-2015-0287.patch: free up structures in
crypto/asn1/tasn_dec.c.
- CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
- debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
crypto/x509/x509_req.c.
- CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
PKCS#7 parsing
- debian/patches/CVE-2015-0289.patch: handle missing content in
crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
- CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
decoding
- debian/patches/CVE-2015-0292.patch: prevent underflow in
crypto/evp/encode.c.
- CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
- debian/patches/CVE-2015-0293.patch: check key lengths in
ssl/s2_lib.c, ssl/s2_srvr.c.
- debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
ssl/s2_srvr.c.
- CVE-2015-0293
-- Marc Deslauriers <email address hidden> Thu, 19 Mar 2015 09:57:59 -0400
-
openssl (0.9.8k-7ubuntu8.23) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via unexpected handshake when
no-ssl3 build option is used (not the default)
- debian/patches/CVE-2014-3569.patch: keep the old method for now in
ssl/s23_srvr.c.
- CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
- debian/patches/CVE-2014-3570.patch: fix bignum logic in
crypto/bn/asm/mips3.s, crypto/bn/asm/x86_64-gcc.c,
crypto/bn/bn_asm.c, added test to crypto/bn/bntest.c.
- CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
- debian/patches/CVE-2014-3571.patch: fix crash in ssl/d1_pkt.c,
ssl/s3_pkt.c.
- CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
- debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
ssl/s3_clnt.c.
- CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
- debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
crypto/x509/x_all.c, util/libeay.num.
- CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
- debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
- CVE-2015-0204
-- Marc Deslauriers <email address hidden> Fri, 09 Jan 2015 11:16:50 -0500
-
openssl (0.9.8k-7ubuntu8.22) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via session ticket integrity check
memory leak
- debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
- CVE-2014-3567
* SECURITY UPDATE: fix the no-ssl3 build option
- debian/patches/CVE-2014-3568.patch: fix conditional code in
ssl/s23_clnt.c, ssl/s23_srvr.c.
- CVE-2014-3568
* SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
protocol downgrade attack to SSLv3 that exposes the POODLE attack.
- debian/patches/tls_fallback_scsv_support.patch: added support for
TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
ssl/ssl_locl.h, doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.
-- Marc Deslauriers <email address hidden> Wed, 15 Oct 2014 13:17:00 -0400
-
openssl (0.9.8k-7ubuntu8.21) lucid-security; urgency=medium
* SECURITY UPDATE: Properly fix stateless session support (LP: #1356843)
- fixes regression introduced with fix_renegotiation.patch.
- debian/patches/fix_stateless_session.patch: added two commits from
git to properly handle stateless sessions in ssl/s3_srvr.c,
ssl/ssl_asn1.c, ssl/t1_lib.c.
-- Marc Deslauriers <email address hidden> Mon, 18 Aug 2014 11:17:08 -0400
-
openssl (0.9.8k-7ubuntu8.20) lucid-security; urgency=medium
* SECURITY UPDATE: double free when processing DTLS packets
- debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
- CVE-2014-3505
* SECURITY UPDATE: DTLS memory exhaustion
- debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
checks in ssl/d1_both.c.
- CVE-2014-3506
* SECURITY UPDATE: information leak in pretty printing functions
- debian/patches/CVE-2014-3508.patch: fix OID handling in
crypto/asn1/a_object.c, crypto/objects/obj_dat.c, crypto/asn1/asn1.h,
crypto/asn1/asn1_err.c.
- CVE-2014-3508
* SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
- debian/patches/CVE-2014-3510.patch: check for server certs in
ssl/d1_clnt.c, ssl/s3_clnt.c.
- CVE-2014-3510
* SECURITY UPDATE: TLS protocol downgrade attack
- debian/patches/CVE-2014-3511.patch: properly handle fragments in
ssl/s23_srvr.c.
- CVE-2014-3511
-- Marc Deslauriers <email address hidden> Thu, 07 Aug 2014 08:48:43 -0400
-
openssl (0.9.8k-7ubuntu8.19) lucid-security; urgency=medium
* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
- debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
sending finished ssl/s3_clnt.c.
-- Marc Deslauriers <email address hidden> Fri, 20 Jun 2014 13:59:20 -0400
-
openssl (0.9.8k-7ubuntu8.18) lucid-security; urgency=medium
* SECURITY UPDATE: MITM via change cipher spec
- debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
ssl/ssl3.h.
- debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
secrets in ssl/s3_pkt.c.
- debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
ssl/s3_clnt.c.
- debian/patches/fix_renegotiation.patch: add upstream commit to fix
renegotiation in ssl/s3_clnt.c, ssl/t1_lib.c.
- CVE-2014-0224
* SECURITY UPDATE: denial of service via DTLS recursion flaw
- debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
recursion in ssl/d1_both.c.
- CVE-2014-0221
-- Marc Deslauriers <email address hidden> Wed, 04 Jun 2014 19:32:47 -0400
-
openssl (0.9.8k-7ubuntu8.15) lucid-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
zlib to compress SSL/TLS unless the environment variable
OPENSSL_DEFAULT_ZLIB is set in the environment during library
initialization.
- Introduced to assist with programs not yet updated to provide their own
controls on compression, such as Postfix
- http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
-- Seth Arnold <email address hidden> Mon, 03 Jun 2013 20:37:34 -0700
-
openssl (0.9.8k-7ubuntu8.14) lucid-security; urgency=low
* SECURITY UPDATE: denial of service via invalid OCSP key
- debian/patches/CVE-2013-0166.patch: properly handle NULL key in
crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
- CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/CVE-2013-0169.patch: massive code changes
- CVE-2013-0169
-- Marc Deslauriers <email address hidden> Mon, 18 Feb 2013 15:23:14 -0500
-
openssl (0.9.8k-7ubuntu8.13) lucid-security; urgency=low
* SECURITY UPDATE: denial of service attack in DTLS implementation
- debian/patches/CVE_2012-2333.patch: guard for integer overflow
before skipping explicit IV
- CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
- debian/patches/CVE-2012-0884.patch: use a random key if RSA
decryption fails to avoid leaking timing information
- CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
errors in PKCS7_decrypt and initialize tkeylen properly when
encrypting CMS messages.
-- Steve Beattie <email address hidden> Tue, 22 May 2012 16:11:28 -0700
-
openssl (0.9.8k-7ubuntu8.11) lucid-security; urgency=low
* SECURITY UPDATE: incomplete fix for CVE-2012-2110
- debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow
and BUF_MEM_grow_clean is non-negative
- CVE-2012-2131
* debian/patches/CVE-2012-2110b.patch: Use correct error code in
BUF_MEM_grow_clean()
-- Jamie Strandboge <email address hidden> Tue, 24 Apr 2012 08:32:06 -0500
-
openssl (0.9.8k-7ubuntu8.10) lucid-security; urgency=low
* SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
headers
- debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
and mime_param_cmp() to not dereference the compared strings if either
is NULL
- CVE-2006-7250
- CVE-2012-1165
* SECURITY UPDATE: fix various overflows
- debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
crypto/buffer.c and crypto/mem.c to verify size of lengths
- CVE-2012-2110
-- Jamie Strandboge <email address hidden> Thu, 19 Apr 2012 10:24:54 -0500
-
openssl (0.9.8k-7ubuntu8.8) lucid-security; urgency=low
* SECURITY UPDATE: ECDSA private key timing attack
- debian/patches/CVE-2011-1945.patch: compute with fixed scalar
length
- CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
- debian/patches/CVE-2011-3210.patch: fix memory usage for thread
safety
- CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack
- debian/patches/CVE-2011-4108.patch: perform all computations
before discarding messages
- CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
- debian/patches/CVE-2011-4019.patch: only free domain policyin
one location
- CVE-2011-4019
* SECURITY UPDATE: SSL 3.0 block padding exposure
- debian/patches/CVE-2011-4576.patch: clear bytes used for block
padding of SSL 3.0 records.
- CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
- debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
data from triggering an assertion failure
- CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
- debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
restart for SSL/TLS.
- CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
- debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
- CVE-2012-0050
* debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
servers by testing that the X server is not running (LP: #244250)
-- Steve Beattie <email address hidden> Tue, 31 Jan 2012 01:41:34 -0800
-
openssl (0.9.8k-7ubuntu8.6) lucid-security; urgency=low
* SECURITY UPDATE: OCSP stapling vulnerability
- debian/patched/openssl-CVE-2011-0014-secadv_20110208.patch:
stricter parsing of ClientHello message in ssl/t1_lib.c
- CVE-2011-0014
* Forward TLS version interop patch
- debian/patches/openssl-forward-interop.patch
- Handle TLS versions 2.0 and later properly and correctly use
the highest version of TLS/SSL supported. Although TLS >=
2.0 is some way off ancient servers have a habit of sticking
around for a while...
[Steve Henson]
-- Steve Beattie <email address hidden> Wed, 09 Feb 2011 16:47:44 -0800
-
openssl (0.9.8k-7ubuntu8.5) lucid-security; urgency=low
* SECURITY UPDATE: ciphersuite downgrade vulnerability
- openssl-CVE-2010-4180-secadv_20101202-0.9.8.patch:
disable workaround for Netscape cipher suite bug in ssl/s3_clnt.c
and ssl/s3_srvr.c
- CVE-2010-4180
-- Steve Beattie <email address hidden> Fri, 03 Dec 2010 11:31:43 -0800
-
openssl (0.9.8k-7ubuntu8.4) lucid-security; urgency=low
* SECURITY UPDATE: TLS race condition leading to a buffer overflow and
possible code execution. (LP: #676243)
- patches/debian/openssl-CVE-2010-3864-secadv_20101116-0.9.8.patch:
stricter NULL/not-NULL checking in ssl/t1_lib.c
- CVE-2010-3864
-- Steve Beattie <email address hidden> Tue, 16 Nov 2010 15:03:28 -0800
-
openssl (0.9.8k-7ubuntu8.3) lucid-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
crafted private key with an invalid prime.
- debian/patches/CVE-2010-2939.patch: set bn_ctx to NULL after freeing
it in ssl/s3_clnt.c.
- CVE-2010-2939
-- Marc Deslauriers <email address hidden> Wed, 06 Oct 2010 16:54:34 -0400
-
openssl (0.9.8k-7ubuntu8.2) lucid-proposed; urgency=low
* Update AES-NI patch to openssl-0.9.8-aesni-modes-perlasm-win32-v4.patch
from http://rt.openssl.org/Ticket/Display.html?id=2067, fixing segfault
on engine initialisation (LP: #590639).
-- Colin Watson <email address hidden> Fri, 24 Sep 2010 12:25:28 +0100
-
openssl (0.9.8k-7ubuntu8.1) lucid-security; urgency=low
* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759)
- debian/patches/CVE-2009-3555-RFC5746.patch: backport rfc5746 support
from openssl 0.9.8m.
- CVE-2009-3555
-- Marc Deslauriers <email address hidden> Thu, 12 Aug 2010 08:30:03 -0400
-
openssl (0.9.8k-7ubuntu8) lucid; urgency=low
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via unchecked return values
- debian/patches/CVE-2009-3245.patch: check bn_wexpand return value in
crypto/bn/{bn_div.c,bn_gf2m.c,bn_mul.c}, crypto/ec/ec2_smpl.c,
engines/e_ubsec.c.
- CVE-2009-3245
* SECURITY UPDATE: denial of service via "record of death"
- debian/patches/CVE-2010-0740.patch: only send back minor version
number in ssl/s3_pkt.c.
- CVE-2010-0740
-- Marc Deslauriers <email address hidden> Tue, 30 Mar 2010 08:57:51 -0400
-
openssl (0.9.8k-7ubuntu7) lucid; urgency=low
* debian/patches/dtls-compatibility.patch: backport dtls compatibility
code from 0.9.8m to fix interopability. (LP: #516318)
-- Marc Deslauriers <email address hidden> Fri, 26 Mar 2010 08:31:09 -0400
-
openssl (0.9.8k-7ubuntu6) lucid; urgency=low
* Backport Intel AES-NI support from
http://rt.openssl.org/Ticket/Display.html?id=2067 (LP: #485518).
* Don't change perl #! paths under .pc.
-- Colin Watson <email address hidden> Mon, 01 Feb 2010 15:40:27 -0800
-
openssl (0.9.8k-7ubuntu5) lucid; urgency=low
* SECURITY UPDATE: memory leak possible during state clean-up.
- Add CVE-2009-4355.patch, upstream fixes thanks to Debian.
-- Kees Cook <email address hidden> Fri, 22 Jan 2010 09:50:01 -0800
-
openssl (0.9.8k-7ubuntu4) lucid; urgency=low
* Use host compiler when cross-building (patch from Neil Williams in
Debian #465248).
* Don't run 'make test' when cross-building.
* Create libssl0.9.8-udeb, for the benefit of wget-udeb (LP: #503339).
-- Colin Watson <email address hidden> Tue, 05 Jan 2010 16:09:38 +0000
-
openssl (0.9.8k-7ubuntu3) lucid; urgency=low
* debian/patches/disable-sslv2.patch: remove and apply inline to fix
FTBFS when patch won't revert during the build process.
-- Marc Deslauriers <email address hidden> Mon, 07 Dec 2009 21:00:47 -0500
-
openssl (0.9.8k-7ubuntu2) lucid; urgency=low
* debian/patches/{disable-sslv2,Bsymbolic-functions}.patch: apply
Makefile sections inline as once the package is configured during the
build process, the patches wouldn't revert anymore, causing a FTBFS on
anything other than amd64.
-- Marc Deslauriers <email address hidden> Mon, 07 Dec 2009 19:52:15 -0500
-
openssl (0.9.8k-7ubuntu1) lucid; urgency=low
* Merge from debian unstable, remaining changes (LP: #493392):
- Link using -Bsymbolic-functions
- Add support for lpia
- Disable SSLv2 during compile
- Ship documentation in openssl-doc, suggested by the package.
- Use a different priority for libssl0.9.8/restart-services
depending on whether a desktop, or server dist-upgrade is being
performed.
- Display a system restart required notification bubble on libssl0.9.8
upgrade.
- Replace duplicate files in the doc directory with symlinks.
- Move runtime libraries to /lib, for the benefit of wpasupplicant
* Strip the patches out of the source into quilt patches
* Disable CVE-2009-3555.patch
-- Nicolas Valcarcel Scerpella (Canonical) <email address hidden> Sun, 06 Dec 2009 20:16:24 -0500
-
openssl (0.9.8g-16ubuntu3) karmic; urgency=low
* SECURITY UPDATE: certificate spoofing via hash collisions from MD2
design flaws.
- crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest.
- crypto/x509/x509_vfy.c: skip signature check for self signed
certificates
- http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
- http://marc.info/?l=openssl-cvs&m=124704528713852&w=2
- CVE-2009-2409
-- Marc Deslauriers <email address hidden> Tue, 08 Sep 2009 14:59:05 -0400
