This bug was fixed in the package openssl - 1.0.2g-1ubuntu4.4 --------------- openssl (1.0.2g-1ubuntu4.4) xenial-security; urgency=medium
* SECURITY UPDATE: Pointer arithmetic undefined behaviour - debian/patches/CVE-2016-2177.patch: avoid undefined pointer arithmetic in ssl/s3_srvr.c, ssl/ssl_sess.c, ssl/t1_lib.c. - CVE-2016-2177 * SECURITY UPDATE: Constant time flag not preserved in DSA signing - debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in crypto/dsa/dsa_ossl.c. - CVE-2016-2178 * SECURITY UPDATE: DTLS buffered message DoS - debian/patches/CVE-2016-2179.patch: fix queue handling in ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c, ssl/ssl_locl.h. - CVE-2016-2179 * SECURITY UPDATE: OOB read in TS_OBJ_print_bio() - debian/patches/CVE-2016-2180.patch: fix text handling in crypto/ts/ts_lib.c. - CVE-2016-2180 * SECURITY UPDATE: DTLS replay protection DoS - debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed records in ssl/d1_pkt.c. - debian/patches/CVE-2016-2181-2.patch: protect against replay attacks in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c. - debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h. - CVE-2016-2181 * SECURITY UPDATE: OOB write in BN_bn2dec() - debian/patches/CVE-2016-2182.patch: don't overflow buffer in crypto/bn/bn_print.c. - CVE-2016-2182 * SECURITY UPDATE: SWEET32 Mitigation - debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH to MEDIUM in ssl/s3_lib.c. - CVE-2016-2183 * SECURITY UPDATE: Malformed SHA512 ticket DoS - debian/patches/CVE-2016-6302.patch: sanity check ticket length in ssl/t1_lib.c. - CVE-2016-6302 * SECURITY UPDATE: OOB write in MDC2_Update() - debian/patches/CVE-2016-6303.patch: avoid overflow in crypto/mdc2/mdc2dgst.c. - CVE-2016-6303 * SECURITY UPDATE: OCSP Status Request extension unbounded memory growth - debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous handshake in ssl/t1_lib.c. - CVE-2016-6304 * SECURITY UPDATE: Certificate message OOB reads - debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c, ssl/s3_srvr.c. - debian/patches/CVE-2016-6306-2.patch: make message buffer slightly larger in ssl/d1_both.c, ssl/s3_both.c. - CVE-2016-6306 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Thu, 22 Sep 2016 08:22:22 -0400 ** Changed in: openssl (Ubuntu Xenial) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2177 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2178 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2179 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2180 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2181 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2182 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-2183 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6302 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6303 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6304 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6306 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1593953 Title: EC_KEY_generate_key() causes FIPS self-test failure Status in openssl package in Ubuntu: Fix Released Status in openssl source package in Xenial: Fix Released Bug description: EC_KEY_generate_key() internally calls fips_pkey_signature_test() which performs a pairwise check by ECDSA signing/verifying, but some groups don't support ECDSA. For example, `openssl ecparam -genkey -name Oakley-EC2N-4` fails. Unfortunately `openssl ecparam` doesn't give any useful information so I modified a bit: ~~~ diff --git a/apps/ecparam.c b/apps/ecparam.c index 71b67f4..db89c2f 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -585,6 +585,7 @@ int MAIN(int argc, char **argv) if (!EC_KEY_generate_key(eckey)) { EC_KEY_free(eckey); + ERR_print_errors(bio_err); goto end; } if (outformat == FORMAT_ASN1) ~~~ And I got: ~~~ $ LD_LIBRARY_PATH=$(pwd)/target/lib ./target/bin/openssl ecparam -genkey -name Oakley-EC2N-4 -----BEGIN EC PARAMETERS----- BgA= -----END EC PARAMETERS----- 140614096975512:error:0306E06C:bignum routines:BN_mod_inverse:no inverse:bn_gcd.c:525: 140614096975512:error:0306E06C:bignum routines:BN_mod_inverse:no inverse:bn_gcd.c:525: 140614096975512:error:2A067003:lib(42):ECDSA_sign_setup:BN lib:ecs_ossl.c:206: 140614096975512:error:2A06502A:lib(42):ECDSA_do_sign:reason(42):ecs_ossl.c:302: 140614096975512:error:2D079089:FIPS routines:fips_pkey_signature_test:test failure:fips_post.c:166: 140614096975512:error:2D06A07F:FIPS routines:FIPS_CHECK_EC:pairwise test failed:ec_key.c:249: ~~~ I'm using Ubuntu 16.04 and openssl 1.0.2g-1ubuntu4.1. This was originally reported at Ruby's issue tracker: https://bugs.ruby-lang.org/issues/12504 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1593953/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp