openssl 0.9.8g-16ubuntu2 source package in Ubuntu

Changelog

openssl (0.9.8g-16ubuntu2) karmic; urgency=low

  * Patches forward ported from http://www.ubuntu.com/usn/USN-792-1 (by
    Marc Deslauriers)
  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

 -- Jamie Strandboge <email address hidden>   Fri, 10 Jul 2009 14:44:47 -0500

Upload details

Uploaded by: Jamie Strandboge
Uploaded to: Karmic
Original maintainer: Ubuntu Development Team
Architectures: any
Section: utils
Urgency: Low Urgency

Downloads

File                              Size      SHA-256 Checksum
openssl_0.9.8g.orig.tar.gz        3.2 MiB   0e26886845de95716c9f1b9b75c0e06e9d4075d2bdc9e11504eaa5f7ee901cf0
openssl_0.9.8g-16ubuntu2.diff.gz  59.8 KiB  6113e5b3425c9c84c89bdf9cdcb707b3ea777559617c3b2e0757cade13231b1d
openssl_0.9.8g-16ubuntu2.dsc      1.4 KiB   6971679e0920f3d366762b3632ce222247ba37a2e05819c2e95f6359bf8cbfa9

Binary packages built by this source

libcrypto0.9.8-udeb
libssl-dev
libssl0.9.8
libssl0.9.8-dbg
openssl
openssl-doc