openssl (1.0.1f-1ubuntu9.8) utopic-security; urgency=medium

  * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
    - debian/patches/reject_small_dh.patch: reject small dh keys in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
      doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
      dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free in DTLS
    - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
    - CVE-2014-8176
  * SECURITY UPDATE: denial of service via malformed ECParameters
    - debian/patches/CVE-2015-1788.patch: improve logic in
      crypto/bn/bn_gf2m.c.
    - CVE-2015-1788
  * SECURITY UPDATE: denial of service via out-of-bounds read in
    X509_cmp_time
    - debian/patches/CVE-2015-1789.patch: properly parse time format in
      crypto/x509/x509_vfy.c.
    - CVE-2015-1789
  * SECURITY UPDATE: denial of service via missing EnvelopedContent
    - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
      crypto/pkcs7/pk7_doit.c.
    - CVE-2015-1790
  * SECURITY UPDATE: race condition in NewSessionTicket
    - debian/patches/CVE-2015-1791.patch: create a new session in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
      ssl/ssl_sess.c.
    - CVE-2015-1791
  * SECURITY UPDATE: CMS verify infinite loop with unknown hash function
    - debian/patches/CVE-2015-1792.patch: fix infinite loop in
      crypto/cms/cms_smime.c.
    - CVE-2015-1792

 -- Marc Deslauriers <email address hidden>  Thu, 11 Jun 2015 07:12:10 -0400

openssl (1.0.1f-1ubuntu9.5) utopic-security; urgency=medium

  * SECURITY IMPROVEMENT: Disable EXPORT ciphers by default
    - debian/patches/disable_export_ciphers.patch: remove export ciphers
      from the DEFAULT cipher list in ssl/ssl.h, ssl/ssl_ciph.c,
      doc/apps/ciphers.pod.

 -- Marc Deslauriers <email address hidden>  Thu, 28 May 2015 08:57:29 -0400

openssl (1.0.1f-1ubuntu9.4) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible memory corruption via
    malformed EC private key
    - debian/patches/CVE-2015-0209.patch: fix use after free in
      crypto/ec/ec_asn1.c.
    - debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
      freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
    - CVE-2015-0209
  * SECURITY UPDATE: denial of service via cert verification
    - debian/patches/CVE-2015-0286.patch: handle boolean types in
      crypto/asn1/a_type.c.
    - CVE-2015-0286
  * SECURITY UPDATE: ASN.1 structure reuse memory corruption
    - debian/patches/CVE-2015-0287.patch: free up structures in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-0287
  * SECURITY UPDATE: denial of service via invalid certificate key
    - debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
      crypto/x509/x509_req.c.
    - CVE-2015-0288
  * SECURITY UPDATE: denial of service and possible code execution via
    PKCS#7 parsing
    - debian/patches/CVE-2015-0289.patch: handle missing content in
      crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
    - CVE-2015-0289
  * SECURITY UPDATE: denial of service or memory corruption via base64
    decoding
    - debian/patches/CVE-2015-0292.patch: prevent underflow in
      crypto/evp/encode.c.
    - CVE-2015-0292
  * SECURITY UPDATE: denial of service via assert in SSLv2 servers
    - debian/patches/CVE-2015-0293.patch: check key lengths in
      ssl/s2_lib.c, ssl/s2_srvr.c.
    - debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
      ssl/s2_srvr.c.
    - CVE-2015-0293

 -- Marc Deslauriers <email address hidden>  Thu, 19 Mar 2015 10:05:54 -0400

openssl (1.0.1f-1ubuntu9.1) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service via unexpected handshake when
    no-ssl3 build option is used (not the default)
    - debian/patches/CVE-2014-3569.patch: keep the old method for now in
      ssl/s23_srvr.c.
    - CVE-2014-3569
  * SECURITY UPDATE: bignum squaring may produce incorrect results
    - debian/patches/CVE-2014-3570.patch: fix bignum logic in
      crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c,
      crypto/bn/bn_asm.c, removed crypto/bn/asm/mips3.s, added test to
      crypto/bn/bntest.c.
    - CVE-2014-3570
  * SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
    - debian/patches/CVE-2014-3571-1.patch: fix crash in ssl/d1_pkt.c,
      ssl/s3_pkt.c.
    - debian/patches/CVE-2014-3571-2.patch: make code more obvious in
      ssl/d1_pkt.c.
    - CVE-2014-3571
  * SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
    - debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
      ssl/s3_clnt.c.
    - CVE-2014-3572
  * SECURITY UPDATE: certificate fingerprints can be modified
    - debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
      crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
      crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
      crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
      crypto/x509/x_all.c.
    - CVE-2014-8275
  * SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
    - debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
      export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
      ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
      doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
    - CVE-2015-0204
  * SECURITY UPDATE: DH client certificates accepted without verification
    - debian/patches/CVE-2015-0205.patch: prevent use of DH client
      certificates without sending certificate verify message in
      ssl/s3_srvr.c.
    - CVE-2015-0205
  * SECURITY UPDATE: DTLS memory leak in dtls1_buffer_record
    - debian/patches/CVE-2015-0206.patch: properly handle failures in
      ssl/d1_pkt.c.
    - CVE-2015-0206

 -- Marc Deslauriers <email address hidden>  Fri, 09 Jan 2015 09:47:17 -0500

openssl (1.0.1f-1ubuntu9) utopic; urgency=medium

  * SECURITY UPDATE: denial of service via DTLS SRTP memory leak
    - debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
      ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
      util/ssleay.num.
    - CVE-2014-3513
  * SECURITY UPDATE: denial of service via session ticket integrity check
    memory leak
    - debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
    - CVE-2014-3567
  * SECURITY UPDATE: fix the no-ssl3 build option
    - debian/patches/CVE-2014-3568.patch: fix conditional code in
      ssl/s23_clnt.c, ssl/s23_srvr.c.
    - CVE-2014-3568
  * SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
    protocol downgrade attack to SSLv3 that exposes the POODLE attack.
    - debian/patches/tls_fallback_scsv_support.patch: added support for
      TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
      ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
      ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
      ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
      doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.

 -- Marc Deslauriers <email address hidden>  Thu, 16 Oct 2014 10:56:10 -0400

openssl (1.0.1f-1ubuntu8) utopic; urgency=medium

  * Backport collected POWER8 optimisations from upstream (LP: #1290579).

 -- Colin Watson <email address hidden>  Fri, 26 Sep 2014 11:32:32 +0100

openssl (1.0.1f-1ubuntu7) utopic; urgency=medium

  * SECURITY UPDATE: double free when processing DTLS packets
    - debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
    - CVE-2014-3505
  * SECURITY UPDATE: DTLS memory exhaustion
    - debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
      checks in ssl/d1_both.c.
    - CVE-2014-3506
  * SECURITY UPDATE: DTLS memory leak from zero-length fragments
    - debian/patches/CVE-2014-3507.patch: fix memory leak and return codes
      in ssl/d1_both.c.
    - CVE-2014-3507
  * SECURITY UPDATE: information leak in pretty printing functions
    - debian/patches/CVE-2014-3508.patch: fix OID handling in
      crypto/asn1/a_object.c, crypto/objects/obj_dat.c.
    - CVE-2014-3508
  * SECURITY UPDATE: race condition in ssl_parse_serverhello_tlsext
    - debian/patches/CVE-2014-3509.patch: fix race in ssl/t1_lib.c.
    - CVE-2014-3509
  * SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
    - debian/patches/CVE-2014-3510.patch: check for server certs in
      ssl/d1_clnt.c, ssl/s3_clnt.c.
    - CVE-2014-3510
  * SECURITY UPDATE: TLS protocol downgrade attack
    - debian/patches/CVE-2014-3511.patch: properly handle fragments in
      ssl/s23_srvr.c.
    - CVE-2014-3511
  * SECURITY UPDATE: SRP buffer overrun
    - debian/patches/CVE-2014-3512.patch: check parameters in
      crypto/srp/srp_lib.c.
    - CVE-2014-3512
  * SECURITY UPDATE: crash with SRP ciphersuite in Server Hello message
    - debian/patches/CVE-2014-5139.patch: fix SRP authentication and make
      sure ciphersuite is set up correctly in ssl/s3_clnt.c, ssl/ssl_lib.c,
      ssl/s3_lib.c, ssl/ssl.h, ssl/ssl_ciph.c, ssl/ssl_locl.h.
    - CVE-2014-5139

 -- Marc Deslauriers <email address hidden>  Thu, 07 Aug 2014 09:34:54 -0400

openssl (1.0.1f-1ubuntu6) utopic; urgency=medium

  * SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
    - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
      sending finished ssl/s3_clnt.c.

 -- Marc Deslauriers <email address hidden>  Fri, 20 Jun 2014 13:51:23 -0400

openssl (1.0.1f-1ubuntu5) utopic; urgency=medium

  * SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
    - debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
      tls_session_secret_cb for session resumption in ssl/s3_clnt.c.

 -- Marc Deslauriers <email address hidden>  Thu, 12 Jun 2014 08:23:12 -0400

openssl (1.0.1f-1ubuntu4) utopic; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
    - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
      fragments in ssl/d1_both.c.
    - CVE-2014-0195
  * SECURITY UPDATE: denial of service via DTLS recursion flaw
    - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
      recursion in ssl/d1_both.c.
    - CVE-2014-0221
  * SECURITY UPDATE: MITM via change cipher spec
    - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
      when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
      ssl/ssl3.h.
    - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
      secrets in ssl/s3_pkt.c.
    - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
      ssl/s3_clnt.c.
    - CVE-2014-0224
  * SECURITY UPDATE: denial of service via ECDH null session cert
    - debian/patches/CVE-2014-3470.patch: check session_cert is not NULL
      before dereferencing it in ssl/s3_clnt.c.
    - CVE-2014-3470

 -- Marc Deslauriers <email address hidden>  Thu, 05 Jun 2014 08:39:17 -0400

openssl (1.0.1f-1ubuntu3) utopic; urgency=medium

  * SECURITY UPDATE: denial of service via use after free
    - debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
      releasing buffers in ssl/s3_pkt.c.
    - CVE-2010-5298
  * SECURITY UPDATE: denial of service via null pointer dereference
    - debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
      one in ssl/s3_pkt.c.
    - CVE-2014-0198

 -- Marc Deslauriers <email address hidden>  Fri, 02 May 2014 15:18:26 -0400

openssl (1.0.1f-1ubuntu2) trusty; urgency=medium

  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

 -- Marc Deslauriers <email address hidden>  Mon, 07 Apr 2014 15:37:53 -0400