This fix will be released in the next large update.

** Changed in: dell-mini
   Importance: Undecided => Critical

** Changed in: dell-mini
       Status: New => Fix Committed

** Changed in: dell-mini
     Assignee: (unassigned) => Canonical OEM Security (oem-security)

-- 
Update OpenSSL to version 0.9.8g-4ubuntu3.5
https://bugs.launchpad.net/bugs/352919

Status in Dell Inspiron Mini with Custom Dell UI:
  Fix Committed

Bug description:
  OpenSSL is currently in version 0.9.8g-4ubuntu3.3 in dell-mini-hardy.
  It should be updated to version 0.9.8g-4ubuntu3.5 to fix several
  security vulnerabilities. Generic hardy has already been patched.

  Changelog:

  openssl (0.9.8g-4ubuntu3.5) hardy-security; urgency=low

    * SECURITY UPDATE: crash via invalid memory access when printing
      BMPString or UniversalString with invalid length
      - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and
        crypto/asn1/asn1.h: return error if invalid length
      - CVE-2009-0590
      - http://www.openssl.org/news/secadv_20090325.txt
      - patch from upstream CVS:
        crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
        crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
        crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

   -- Jamie Strandboge <ja...@ubuntu.com>  Thu, 26 Mar 2009 14:12:48 -0500

  openssl (0.9.8g-4ubuntu3.4) hardy-security; urgency=low

    * SECURITY UPDATE: clients treat malformed signatures as good when
      verifying server DSA and ECDSA certificates
      - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
        ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
        ssl/ssltest.c to properly check the return code of
        EVP_VerifyFinal()
      - patch based on upstream patch for #2008-016
      - CVE-2008-5077

   -- Jamie Strandboge <ja...@ubuntu.com>  Tue, 06 Jan 2009 01:00:29 -0600
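
The return-code handling behind the CVE-2008-5077 entry above, as an added example that is not part of the original notification or of OpenSSL's code: EVP_VerifyFinal() returns 1 for a valid signature, 0 for an invalid one and -1 on error, and a caller that only tests for 0 accepts the error case. `toy_verify_final`, the `accept_*` helpers and the sample byte strings are constructed stand-ins; no real DSA is performed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in with the same tri-state contract as EVP_VerifyFinal():
 * 1 = valid, 0 = invalid, -1 = error. It parses a DER SEQUENCE { INTEGER r,
 * INTEGER s } (short-form lengths only) and compares r, s to expected bytes. */
static int read_int(const unsigned char **p, const unsigned char *end,
                    const unsigned char **val, size_t *len)
{
    if (end - *p < 2 || (*p)[0] != 0x02 || (*p)[1] >= 0x80) return -1;
    *len = (*p)[1];
    if (*len == 0 || (size_t)(end - *p - 2) < *len) return -1;
    *val = *p + 2;
    *p += 2 + *len;
    return 1;
}

int toy_verify_final(const unsigned char *sig, size_t n,
                     const unsigned char *er, const unsigned char *es, size_t ilen)
{
    const unsigned char *p, *end = sig + n, *r, *s;
    size_t rl, sl;
    if (n < 2 || sig[0] != 0x30 || sig[1] >= 0x80) return -1;
    if ((size_t)sig[1] != n - 2) return -1;     /* length must match the buffer */
    p = sig + 2;
    if (read_int(&p, end, &r, &rl) < 0) return -1;
    if (read_int(&p, end, &s, &sl) < 0) return -1;
    if (p != end) return -1;                    /* trailing bytes are malformed */
    if (rl != ilen || sl != ilen) return 0;
    return (memcmp(r, er, ilen) == 0 && memcmp(s, es, ilen) == 0) ? 1 : 0;
}

/* Pre-fix caller pattern: only 0 counts as failure, so -1 is accepted. */
int accept_unpatched(int ret) { return !ret ? 0 : 1; }
/* Patched caller pattern: anything that is not positive is a failure. */
int accept_patched(int ret) { return ret <= 0 ? 0 : 1; }

/* Constructed sample data. MALFORMED carries tag 0x04 where an INTEGER belongs. */
const unsigned char R[] = {0x11, 0x22}, S[] = {0x33, 0x44};
const unsigned char GOOD[]      = {0x30,0x08,0x02,0x02,0x11,0x22,0x02,0x02,0x33,0x44};
const unsigned char WRONG[]     = {0x30,0x08,0x02,0x02,0x11,0x22,0x02,0x02,0x33,0x45};
const unsigned char MALFORMED[] = {0x30,0x08,0x02,0x02,0x11,0x22,0x04,0x02,0x33,0x44};

int main(void)
{
    int ret = toy_verify_final(MALFORMED, sizeof MALFORMED, R, S, sizeof R);
    printf("ret=%d unpatched=%d patched=%d\n",
           ret, accept_unpatched(ret), accept_patched(ret));
    return 0;
}
```

When auditing other callers for the same defect, look for `if (!EVP_VerifyFinal(...))` or `== 0` comparisons; the safe form compares against `<= 0`.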