This bug was fixed in the package openssl - 1.0.2g-1ubuntu4.4

openssl (1.0.2g-1ubuntu4.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Pointer arithmetic undefined behaviour
    - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
      arithmetic in ssl/s3_srvr.c, ssl/ssl_sess.c, ssl/t1_lib.c.
    - CVE-2016-2177
  * SECURITY UPDATE: Constant time flag not preserved in DSA signing
    - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
    - CVE-2016-2178
  * SECURITY UPDATE: DTLS buffered message DoS
    - debian/patches/CVE-2016-2179.patch: fix queue handling in
      ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
    - CVE-2016-2179
  * SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
    - debian/patches/CVE-2016-2180.patch: fix text handling in
    - CVE-2016-2180
  * SECURITY UPDATE: DTLS replay protection DoS
    - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
      records in ssl/d1_pkt.c.
    - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
      in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
    - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
    - CVE-2016-2181
  * SECURITY UPDATE: OOB write in BN_bn2dec()
    - debian/patches/CVE-2016-2182.patch: don't overflow buffer in
    - CVE-2016-2182
    - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
      to MEDIUM in ssl/s3_lib.c.
    - CVE-2016-2183
  * SECURITY UPDATE: Malformed SHA512 ticket DoS
    - debian/patches/CVE-2016-6302.patch: sanity check ticket length in
    - CVE-2016-6302
  * SECURITY UPDATE: OOB write in MDC2_Update()
    - debian/patches/CVE-2016-6303.patch: avoid overflow in
    - CVE-2016-6303
  * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
    - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
      handshake in ssl/t1_lib.c.
    - CVE-2016-6304
  * SECURITY UPDATE: Certificate message OOB reads
    - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
    - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
      larger in ssl/d1_both.c, ssl/s3_both.c.
    - CVE-2016-6306

 -- Marc Deslauriers <>  Thu, 22 Sep 2016
08:22:22 -0400

** Changed in: openssl (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added:

** CVE added:

** CVE added:

** CVE added:

** CVE added:

** CVE added:

** CVE added:

** CVE added:

** CVE added:

** CVE added:

** CVE added:

You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs

  Remove incomplete fips in openssl in xenial.

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Xenial:
  Fix Released
Status in openssl source package in Yakkety:
  Fix Released

Bug description:
  Package: openssl-1.0.2g-1ubuntu4.1
  Distro: xenial

  The openssl contains incomplete fips patches. In light that the fips
  is incomplete and will not be completed in the main archive and they
  are impacting customers, they should be withdrawn. See lp bugs
  1593953, 1591797, 1594748, 1588524, 1613658. Removal of these fips
  patches will remove these fips-related issues.

  [Test case]
  1. Problem in 1594748
  Note: this problem was reported in upstream openssl and testcase posted there 

  CRYPTO_set_mem_functions() always returns 0 because library
  initialization within fips code already calls CRYPTO_malloc() and
  disables it.

  This testcase should cause openssl to abort, but instead it returns a

  #include <stdio.h>
  #include <stdlib.h>
  #include <openssl/ssl.h>
  void * my_alloc(size_t n) { abort(); }
  void my_free(void *p) { abort(); }
  void * my_realloc(void *p, size_t n) { abort(); }
  int main(int argc, const char **argv)
    const SSL_METHOD *method;
    SSL_CTX *ctx;
    CRYPTO_set_mem_functions(my_alloc, my_realloc, my_free);
    method = SSLv23_client_method();
    ctx = SSL_CTX_new(method);
    printf("Got ctx %p\n", ctx);
    return 0;

  2. Problem in 1593953
  EC key generation allows user to generate keys using EC curves that the EC 
sign and verify
  do not support when OPENSSL_FIPS is defined.
  Testcase taken from lp #1593953

  openssl ecparam -genkey -name Oakley-EC2N-4

  will fail when OPENSSL_FIPS is defined since it causes a fips key-pair 
consistency check to be done.
  Otherwise, without OPENSSL_FIPS defined, the check is not done.

  3. Problem reported in 1588524
  Error code being skipped...

  Testcase taken from lp #1588524

  #include <openssl/err.h>
  #include <openssl/ssl.h>

  int main() {
      int rc;
      unsigned long fips_err;
      rc = FIPS_mode_set(1);
      fips_err = ERR_peek_last_error();

      // FIPS_mode_set will return 0 on failure, which is expected if
      // the FIPS module is not compiled. In this case, we should then
      // be able to get the error code
      printf("%d %lu\n", rc, fips_err);

      return 0;

  Should report an error message.

  [ Regression potential ]
  Removing the fips patches should decrease regression potential of openssl in 
the main archive.

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to