openssl (1.0.0e-2ubuntu4.2) oneiric-security; urgency=low
  * SECURITY UPDATE: DTLS plaintext recovery attack
    - debian/patches/CVE-2011-4108.patch: perform all computations
      before discarding messages
    - CVE-2011-4108
  * SECURITY UPDATE: SSL 3.0 block padding exposure
    - debian/patches/CVE-2011-4576.patch: clear bytes used for block
      padding of SSL 3.0 records.
    - CVE-2011-4576
  * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
    - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
      data from triggering an assertion failure
    - CVE-2011-4577
  * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
    - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
      restart for SSL/TLS.
    - CVE-2011-4619
  * SECURITY UPDATE: GOST block cipher denial of service
    - debian/patches/CVE-2012-0027.patch: check GOST parameters are
      not NULL
    - CVE-2012-0027
  * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
    - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
    - CVE-2012-0050
Date: Wed, 08 Feb 2012 16:06:24 -0800
Changed-By: Steve Beattie <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/oneiric/+source/openssl/1.0.0e-2ubuntu4.2
Format: 1.8
Date: Wed, 08 Feb 2012 16:06:24 -0800
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: source
Version: 1.0.0e-2ubuntu4.2
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Steve Beattie <[email protected]>
Description:
libcrypto1.0.0-udeb - crypto shared library - udeb (udeb)
libssl-dev - SSL development libraries, header files and documentation
libssl-doc - SSL development documentation documentation
libssl1.0.0 - SSL shared libraries
libssl1.0.0-dbg - Symbol tables for libssl and libcrypto
libssl1.0.0-udeb - ssl shared library - udeb (udeb)
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Checksums-Sha1:
 a895aa59f6bc44a2e3e9cfc8a53aac9c764e9f02 2087 openssl_1.0.0e-2ubuntu4.2.dsc
 05fba2eebf39fcc5834b7f13cadd11d23475f251 117834 openssl_1.0.0e-2ubuntu4.2.debian.tar.gz
Checksums-Sha256:
 5c5dec895f96a7271532d6188dfa27ac5b338868f8746920342165584cfda6cc 2087 openssl_1.0.0e-2ubuntu4.2.dsc
 229f05a3a9f6b1225edc302d9de9567c1c96ff8cf17550220871e717378ab4e1 117834 openssl_1.0.0e-2ubuntu4.2.debian.tar.gz
Files:
 0b4a4b08fe0c36f9c05b146ccaec5a8c 2087 utils optional openssl_1.0.0e-2ubuntu4.2.dsc
 fb51d614ccf397b630d46acd9c8f4968 117834 utils optional openssl_1.0.0e-2ubuntu4.2.debian.tar.gz
Original-Maintainer: Debian OpenSSL Team <[email protected]>