openssl 1.1.1c-1ubuntu4.1 source package in Ubuntu
Changelog
openssl (1.1.1c-1ubuntu4.1) eoan-security; urgency=medium
* SECURITY UPDATE: ECDSA remote timing attack
- debian/patches/CVE-2019-1547.patch: for ECC parameters with NULL or
zero cofactor, compute it in crypto/ec/ec_lib.c.
- CVE-2019-1547
* SECURITY UPDATE: Fork Protection
- debian/patches/CVE-2019-1549.patch: ensure fork-safety without using
a pthread_atfork handler in crypto/include/internal/rand_int.h,
crypto/init.c, crypto/rand/drbg_lib.c, crypto/rand/rand_lcl.h,
crypto/rand/rand_lib.c, crypto/threads_none.c,
crypto/threads_pthread.c, crypto/threads_win.c,
include/internal/cryptlib.h, test/drbgtest.c.
- CVE-2019-1549
* SECURITY UPDATE: rsaz_512_sqr overflow bug on x86_64
- debian/patches/CVE-2019-1551.patch: fix an overflow bug in
rsaz_512_sqr in crypto/bn/asm/rsaz-x86_64.pl.
- CVE-2019-1551
* SECURITY UPDATE: Padding Oracle issue
- debian/patches/CVE-2019-1563.patch: fix a padding oracle in
PKCS7_dataDecode and CMS_decrypt_set1_pkey in crypto/cms/cms_env.c,
crypto/cms/cms_lcl.h, crypto/cms/cms_smime.c,
crypto/pkcs7/pk7_doit.c.
- CVE-2019-1563
-- Marc Deslauriers <email address hidden> Wed, 27 May 2020 15:04:47 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Eoan
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| openssl_1.1.1c.orig.tar.gz | 8.5 MiB | f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90 |
| openssl_1.1.1c.orig.tar.gz.asc | 833 bytes | 12663f13a236f0ccb4e74fe2d61b7b2dc1dbdeb83767b21505e61af67d2da6b8 |
| openssl_1.1.1c-1ubuntu4.1.debian.tar.xz | 127.8 KiB | c837ed6258e75b8a132dc041416c546d1ba6caf1d586b785078f76fbc126c7bc |
| openssl_1.1.1c-1ubuntu4.1.dsc | 2.7 KiB | fea989a1aeb3975f0aa72286cd1aaecf64f1c778717e3d76a0262fcdaf49bbef |
Available diffs
Binary packages built by this source
- libcrypto1.1-udeb: No summary available for libcrypto1.1-udeb in ubuntu eoan.
No description available for libcrypto1.1-udeb in ubuntu eoan.
- libssl-dev: No summary available for libssl-dev in ubuntu eoan.
No description available for libssl-dev in ubuntu eoan.
- libssl-doc: No summary available for libssl-doc in ubuntu eoan.
No description available for libssl-doc in ubuntu eoan.
- libssl1.1: No summary available for libssl1.1 in ubuntu eoan.
No description available for libssl1.1 in ubuntu eoan.
- libssl1.1-dbgsym: No summary available for libssl1.1-dbgsym in ubuntu eoan.
No description available for libssl1.1-dbgsym in ubuntu eoan.
- libssl1.1-udeb: No summary available for libssl1.1-udeb in ubuntu eoan.
No description available for libssl1.1-udeb in ubuntu eoan.
- openssl: No summary available for openssl in ubuntu eoan.
No description available for openssl in ubuntu eoan.
- openssl-dbgsym: No summary available for openssl-dbgsym in ubuntu eoan.
No description available for openssl-dbgsym in ubuntu eoan.
