> This experience makes me wonder how patches for the -security suites
(default for unattended-upgrades) are tested and QA'ed. Can anything be
done to the Ubuntu process to prevent things like this happening again?
For OpenSSL, we run it through a test suite and also test it with
commonly run
Thanks for the fix.
I too can verify that our system doesn't segfault on Ubuntu 14.04
(trusty) using latest libssl1.0.0 (=1.0.1f-1ubuntu2.21);
# dpkg -l |grep libssl1.0.0
ii libssl1.0.0:amd64 1.0.1f-1ubuntu2.21
amd64Secure Sockets
Thank you. I can verify libssl1.0.0 1.0.2g-1ubuntu4.5 no longer exhibits
the crash:
jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$
apt-cache policy libssl1.0.0
libssl1.0.0:
Installed: 1.0.2g-1ubuntu4.5
Candidate: 1.0.2g-1ubuntu4.5
Version
** No longer affects: openssl (Ubuntu Yakkety)
** Changed in: openssl (Ubuntu)
Status: Invalid => Fix Released
** Tags added: regression-update
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
** Changed in: openssl (Ubuntu Yakkety)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1626883
Title:
libssl 1.0.2g-1ubuntu4.4 and
This bug was fixed in the package openssl - 1.0.2g-1ubuntu4.5
---
openssl (1.0.2g-1ubuntu4.5) xenial-security; urgency=medium
* SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883)
- debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
check in
This bug was fixed in the package openssl - 1.0.1f-1ubuntu2.21
---
openssl (1.0.1f-1ubuntu2.21) trusty-security; urgency=medium
* SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883)
- debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
check
This bug was fixed in the package openssl - 1.0.1-4ubuntu5.38
---
openssl (1.0.1-4ubuntu5.38) precise-security; urgency=medium
* SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883)
- debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
check
Packages that fix this issue are currently being built in the security
team PPA:
https://launchpad.net/~ubuntu-security-
proposed/+archive/ubuntu/ppa/+packages
They will be published as soon as they finish building and have gone
through QA.
--
You received this bug notification because you are
** Also affects: openssl (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Yakkety)
Importance: Medium
Assignee: Marc Deslauriers (mdeslaur)
Status: Confirmed
** Also affects: openssl (Ubuntu Precise)
Importance: Undecided
Can confirm that this affects 1.0.1-4ubuntu5.37 on 12.04
Reproducible by trying to openssl_x509_parse the ssl cert for
sourceforge with PHP 5.5.30-1+deb.sury.org~precise+1
$ openssl s_client -connect sourceforge.net:443 cert.txt
$ echo " segfault.php
$ php segfault.php
Segmentation fault (core
Also affected 1.0.1-4ubuntu5.37 on 12.04
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1626883
Title:
libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert
I can reproduce this and will release an updated openssl package today.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1626883
Title:
libssl 1.0.2g-1ubuntu4.4 and
** Changed in: openssl (Ubuntu)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1626883
Title:
libssl
Thanks @ollisa.
I had the same thoughts about 1.0.1f-1ubuntu2 so I found a downloadable
build at https://launchpad.net/ubuntu/+source/openssl/1.0.1f-
1ubuntu2.19. Installing just the ubuntu2.19 version of libssl1.0.0
solved the issue;
wget
** Summary changed:
- libssl 1.0.2g-1ubuntu4.4 causes PHP7 SSL cert validation to segfault
+ libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation
to segfault
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
16 matches
Mail list logo
