[Touch-packages] [Bug 1550643] Re: Please backport OpenSSL SNI signature algorithms fix.

[Launchpad Bug Tracker]

This bug was fixed in the package openssl - 1.0.1f-1ubuntu2.18

---
openssl (1.0.1f-1ubuntu2.18) trusty-security; urgency=medium

  * SECURITY UPDATE: side channel attack on modular exponentiation
- debian/patches/CVE-2016-0702.patch: use constant-time calculations in
  crypto/bn/asm/x86_64-mont5.pl, crypto/bn/bn_exp.c,
  crypto/perlasm/x86_64-xlate.pl, crypto/constant_time_locl.h.
- CVE-2016-0702
  * SECURITY UPDATE: double-free in DSA code
- debian/patches/CVE-2016-0705.patch: fix double-free in
  crypto/dsa/dsa_ameth.c.
- CVE-2016-0705
  * SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- debian/patches/CVE-2016-0797.patch: prevent overflow in
  crypto/bn/bn_print.c, crypto/bn/bn.h.
- CVE-2016-0797
  * SECURITY UPDATE: memory leak in SRP database lookups
- debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and
  introduce new SRP_VBASE_get1_by_user function that handled seed
  properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c,
  util/libeay.num, openssl.ld.
- CVE-2016-0798
  * SECURITY UPDATE: memory issues in BIO_*printf functions
- debian/patches/CVE-2016-0799.patch: prevent overflow in
  crypto/bio/b_print.c.
- CVE-2016-0799
  * debian/patches/preserve_digests_for_sni.patch: preserve negotiated
digests for SNI when SSL_set_SSL_CTX is called in ssl/ssl_lib.c.
(LP: #1550643)

 -- Marc Deslauriers   Mon, 29 Feb 2016
07:56:15 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1550643

Title:
  Please backport OpenSSL SNI signature algorithms fix.

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Precise:
  Fix Released
Status in openssl source package in Trusty:
  Fix Released

Bug description:
  If an OpenSSL consumer uses SSL_set_SSL_CTX (very commonly done with
  SNI), OpenSSL 1.0.1i and earlier lose internal state relating to TLS
  1.2 which causes it to forget the peer's digest preferences. The end
  result is such servers will *only* sign SHA-1 ServerKeyExchanges in
  TLS 1.2, even if the peer advertises other hashes or even doesn't
  advertise SHA-1 at all.

  See:
  https://rt.openssl.org/Ticket/Display.html?id=3560
  https://bugzilla.redhat.com/show_bug.cgi?id=1150033
  
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4e05aedbcab7f7f83a887e952ebdcc5d4f2291e4
  http://www.ietf.org/mail-archive/web/tls/current/msg19195.html

  Glancing at packages.ubuntu.com, this seems to affect Ubuntu vivid and
  below. It would be greatly appreciated if you would backport this fix
  to all applicable releases so Ubuntu servers do not become the
  limiting factor in someday removing SHA-1 here.

  The links above should have reproduction steps you can use to confirm
  the bug and test the fix. (Note that it requires a build of OpenSSL
  1.0.2 to confirm the bug. OpenSSL 1.0.1's s_client doesn't print the
  necessary information.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1550643/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1550643] Re: Please backport OpenSSL SNI signature algorithms fix.

[Launchpad Bug Tracker]

This bug was fixed in the package openssl - 1.0.1-4ubuntu5.35

---
openssl (1.0.1-4ubuntu5.35) precise-security; urgency=medium

  * SECURITY UPDATE: side channel attack on modular exponentiation
- debian/patches/CVE-2016-0702.patch: use constant-time calculations in
  crypto/bn/asm/x86_64-mont5.pl, crypto/bn/bn_exp.c,
  crypto/perlasm/x86_64-xlate.pl, crypto/constant_time_locl.h.
- CVE-2016-0702
  * SECURITY UPDATE: double-free in DSA code
- debian/patches/CVE-2016-0705.patch: fix double-free in
  crypto/dsa/dsa_ameth.c.
- CVE-2016-0705
  * SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- debian/patches/CVE-2016-0797.patch: prevent overflow in
  crypto/bn/bn_print.c, crypto/bn/bn.h.
- CVE-2016-0797
  * SECURITY UPDATE: memory leak in SRP database lookups
- debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and
  introduce new SRP_VBASE_get1_by_user function that handled seed
  properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c,
  util/libeay.num, openssl.ld.
- CVE-2016-0798
  * SECURITY UPDATE: memory issues in BIO_*printf functions
- debian/patches/CVE-2016-0799.patch: prevent overflow in
  crypto/bio/b_print.c.
- CVE-2016-0799
  * debian/patches/preserve_digests_for_sni.patch: preserve negotiated
digests for SNI when SSL_set_SSL_CTX is called in ssl/ssl_lib.c.
(LP: #1550643)

 -- Marc Deslauriers   Mon, 29 Feb 2016
08:01:48 -0500

** Changed in: openssl (Ubuntu Precise)
   Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-0702

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-0705

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-0797

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-0798

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-0799

** Changed in: openssl (Ubuntu Trusty)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1550643

Title:
  Please backport OpenSSL SNI signature algorithms fix.

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Precise:
  Fix Released
Status in openssl source package in Trusty:
  Fix Released

Bug description:
  If an OpenSSL consumer uses SSL_set_SSL_CTX (very commonly done with
  SNI), OpenSSL 1.0.1i and earlier lose internal state relating to TLS
  1.2 which causes it to forget the peer's digest preferences. The end
  result is such servers will *only* sign SHA-1 ServerKeyExchanges in
  TLS 1.2, even if the peer advertises other hashes or even doesn't
  advertise SHA-1 at all.

  See:
  https://rt.openssl.org/Ticket/Display.html?id=3560
  https://bugzilla.redhat.com/show_bug.cgi?id=1150033
  
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4e05aedbcab7f7f83a887e952ebdcc5d4f2291e4
  http://www.ietf.org/mail-archive/web/tls/current/msg19195.html

  Glancing at packages.ubuntu.com, this seems to affect Ubuntu vivid and
  below. It would be greatly appreciated if you would backport this fix
  to all applicable releases so Ubuntu servers do not become the
  limiting factor in someday removing SHA-1 here.

  The links above should have reproduction steps you can use to confirm
  the bug and test the fix. (Note that it requires a build of OpenSSL
  1.0.2 to confirm the bug. OpenSSL 1.0.1's s_client doesn't print the
  necessary information.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1550643/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1550643] Re: Please backport OpenSSL SNI signature algorithms fix.

[Marc Deslauriers]

** Also affects: openssl (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: openssl (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Changed in: openssl (Ubuntu Precise)
   Status: New => Confirmed

** Changed in: openssl (Ubuntu Trusty)
   Status: New => Confirmed

** Changed in: openssl (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: openssl (Ubuntu Trusty)
   Importance: Undecided => Medium

** Changed in: openssl (Ubuntu Precise)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: openssl (Ubuntu Trusty)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: openssl (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1550643

Title:
  Please backport OpenSSL SNI signature algorithms fix.

Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Precise:
  Confirmed
Status in openssl source package in Trusty:
  Confirmed

Bug description:
  If an OpenSSL consumer uses SSL_set_SSL_CTX (very commonly done with
  SNI), OpenSSL 1.0.1i and earlier lose internal state relating to TLS
  1.2 which causes it to forget the peer's digest preferences. The end
  result is such servers will *only* sign SHA-1 ServerKeyExchanges in
  TLS 1.2, even if the peer advertises other hashes or even doesn't
  advertise SHA-1 at all.

  See:
  https://rt.openssl.org/Ticket/Display.html?id=3560
  https://bugzilla.redhat.com/show_bug.cgi?id=1150033
  
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4e05aedbcab7f7f83a887e952ebdcc5d4f2291e4
  http://www.ietf.org/mail-archive/web/tls/current/msg19195.html

  Glancing at packages.ubuntu.com, this seems to affect Ubuntu vivid and
  below. It would be greatly appreciated if you would backport this fix
  to all applicable releases so Ubuntu servers do not become the
  limiting factor in someday removing SHA-1 here.

  The links above should have reproduction steps you can use to confirm
  the bug and test the fix. (Note that it requires a build of OpenSSL
  1.0.2 to confirm the bug. OpenSSL 1.0.1's s_client doesn't print the
  necessary information.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1550643/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp