-
openssl (1.0.1-4ubuntu5.45) precise-security; urgency=medium
* SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref
- debian/patches/DirectoryString-is-a-CHOICE-type-and-therefore-uses-expli.patch:
use explicit tagging for DirectoryString in crypto/x509v3/v3_genn.c.
- debian/patches/Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch:
correctly compare EdiPartyName in crypto/x509v3/v3_genn.c.
- debian/patches/Check-that-multi-strings-CHOICE-types-don-t-use-implicit-.patch:
check that multi-strings/CHOICE types don't use implicit tagging in
crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c, crypto/asn1/asn1.h.
- debian/patches/Complain-if-we-are-attempting-to-encode-with-an-invalid-A.patch:
complain if we are attempting to encode with an invalid ASN.1 template in
crypto/asn1/asn1_err.c, crypto/asn1/tasn_enc.c, crypto/asn1/asn1.h.
- CVE-2020-1971
* SECURITY UPDATE: Null pointer deref in X509_issuer_and_serial_hash()
- debian/patches/CVE-2021-23841.patch: fix Null pointer deref in
crypto/x509/x509_cmp.c.
- CVE-2021-23841
-- Avital Ostromich <email address hidden> Fri, 19 Feb 2021 17:38:20 -0500
-
openssl (1.0.1-4ubuntu5.39) precise-security; urgency=medium
* SECURITY UPDATE: Pointer arithmetic undefined behaviour
- debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
overruns in ssl/s3_srvr.c.
- debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
extension field length in ssl/t1_lib.c.
- debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
- debian/patches/CVE-2016-2177.patch: avoid undefined pointer
arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
- CVE-2016-2177
* SECURITY UPDATE: ECDSA P-256 timing attack key recovery
- debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
crypto/ecdsa/ecs_ossl.c.
- CVE-2016-7056
* SECURITY UPDATE: DoS via warning alerts
- debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
ssl/ssl_locl.h.
- debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
type is received in ssl/s3_pkt.c.
- CVE-2016-8610
* SECURITY UPDATE: Truncated packet could crash via OOB read
- debian/patches/CVE-2017-3731-pre.patch: sanity check
EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
crypto/evp/evp.h, ssl/t1_enc.c.
- debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
crypto/evp/e_rc4_hmac_md5.c.
- CVE-2017-3731
-- Marc Deslauriers <email address hidden> Mon, 30 Jan 2017 14:30:36 -0500
-
openssl (1.0.1-4ubuntu5.38) precise-security; urgency=medium
* SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883)
- debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
check in crypto/bn/bn_print.c.
-- Marc Deslauriers <email address hidden> Fri, 23 Sep 2016 07:59:32 -0400
-
openssl (1.0.1-4ubuntu5.37) precise-security; urgency=medium
* SECURITY UPDATE: Constant time flag not preserved in DSA signing
- debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
crypto/dsa/dsa_ossl.c.
- CVE-2016-2178
* SECURITY UPDATE: DTLS buffered message DoS
- debian/patches/CVE-2016-2179.patch: fix queue handling in
ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
ssl/ssl_locl.h.
- CVE-2016-2179
* SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
- debian/patches/CVE-2016-2180.patch: fix text handling in
crypto/ts/ts_lib.c.
- CVE-2016-2180
* SECURITY UPDATE: DTLS replay protection DoS
- debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
records in ssl/d1_pkt.c.
- debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
- debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
- CVE-2016-2181
* SECURITY UPDATE: OOB write in BN_bn2dec()
- debian/patches/CVE-2016-2182.patch: don't overflow buffer in
crypto/bn/bn_print.c.
- CVE-2016-2182
* SECURITY UPDATE: SWEET32 Mitigation
- debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
to MEDIUM in ssl/s3_lib.c.
- CVE-2016-2183
* SECURITY UPDATE: Malformed SHA512 ticket DoS
- debian/patches/CVE-2016-6302.patch: sanity check ticket length in
ssl/t1_lib.c.
- CVE-2016-6302
* SECURITY UPDATE: OOB write in MDC2_Update()
- debian/patches/CVE-2016-6303.patch: avoid overflow in
crypto/mdc2/mdc2dgst.c.
- CVE-2016-6303
* SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
- debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
handshake in ssl/t1_lib.c.
- CVE-2016-6304
* SECURITY UPDATE: Certificate message OOB reads
- debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
ssl/s3_srvr.c.
- debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
larger in ssl/d1_both.c, ssl/s3_both.c.
- CVE-2016-6306
* SECURITY REGRESSION: DTLS regression (LP: #1622500)
- debian/patches/CVE-2014-3571-3.patch: make DTLS always act as if
read_ahead is set in ssl/s3_pkt.c.
* debian/patches/update-expired-smime-test-certs.patch: Update test
certificates that have expired and caused build test failures.
-- Marc Deslauriers <email address hidden> Thu, 22 Sep 2016 13:39:47 -0400
-
openssl (1.0.1-4ubuntu5.36) precise-security; urgency=medium
* SECURITY UPDATE: EVP_EncodeUpdate overflow
- debian/patches/CVE-2016-2105.patch: properly check lengths in
crypto/evp/encode.c, add documentation to
doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
- CVE-2016-2105
* SECURITY UPDATE: EVP_EncryptUpdate overflow
- debian/patches/CVE-2016-2106.patch: fix overflow in
crypto/evp/evp_enc.c.
- CVE-2016-2106
* SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
- debian/patches/CVE-2016-2107.patch: check that there are enough
padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c.
- CVE-2016-2107
* SECURITY UPDATE: Memory corruption in the ASN.1 encoder
- debian/patches/CVE-2016-2108-1.patch: don't mishandle zero if it is
marked as negative in crypto/asn1/a_int.c.
- debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in
crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
crypto/asn1/tasn_enc.c.
- CVE-2016-2108
* SECURITY UPDATE: ASN.1 BIO excessive memory allocation
- debian/patches/CVE-2016-2109.patch: properly handle large amounts of
data in crypto/asn1/a_d2i_fp.c.
- CVE-2016-2109
* debian/patches/min_1024_dh_size.patch: change minimum DH size from 768
to 1024.
-- Marc Deslauriers <email address hidden> Thu, 28 Apr 2016 11:45:24 -0400
-
openssl (1.0.1-4ubuntu5.35) precise-security; urgency=medium
* SECURITY UPDATE: side channel attack on modular exponentiation
- debian/patches/CVE-2016-0702.patch: use constant-time calculations in
crypto/bn/asm/x86_64-mont5.pl, crypto/bn/bn_exp.c,
crypto/perlasm/x86_64-xlate.pl, crypto/constant_time_locl.h.
- CVE-2016-0702
* SECURITY UPDATE: double-free in DSA code
- debian/patches/CVE-2016-0705.patch: fix double-free in
crypto/dsa/dsa_ameth.c.
- CVE-2016-0705
* SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- debian/patches/CVE-2016-0797.patch: prevent overflow in
crypto/bn/bn_print.c, crypto/bn/bn.h.
- CVE-2016-0797
* SECURITY UPDATE: memory leak in SRP database lookups
- debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and
introduce new SRP_VBASE_get1_by_user function that handled seed
properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c,
util/libeay.num, openssl.ld.
- CVE-2016-0798
* SECURITY UPDATE: memory issues in BIO_*printf functions
- debian/patches/CVE-2016-0799.patch: prevent overflow in
crypto/bio/b_print.c.
- CVE-2016-0799
* debian/patches/preserve_digests_for_sni.patch: preserve negotiated
digests for SNI when SSL_set_SSL_CTX is called in ssl/ssl_lib.c.
(LP: #1550643)
-- Marc Deslauriers <email address hidden> Mon, 29 Feb 2016 08:01:48 -0500
-
openssl (1.0.1-4ubuntu5.34) precise-security; urgency=medium
* debian/patches/alt-cert-chains-*.patch: backport series of upstream
commits to add alternate chains support. This will allow the future
removal of 1024-bit RSA keys from the ca-certificates package.
-- Marc Deslauriers <email address hidden> Mon, 08 Feb 2016 09:15:37 -0500
-
openssl (1.0.1-4ubuntu5.33) precise-security; urgency=medium
* SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2
- debian/patches/CVE-2015-7575.patch: disable RSA+MD5 when using TLS
1.2 in ssl/t1_lib.c.
- CVE-2015-7575
-- Marc Deslauriers <email address hidden> Thu, 07 Jan 2016 09:27:55 -0500
-
openssl (1.0.1-4ubuntu5.32) precise-security; urgency=medium
* SECURITY UPDATE: Certificate verify crash with missing PSS parameter
- debian/patches/CVE-2015-3194.patch: add PSS parameter check to
crypto/rsa/rsa_ameth.c.
- CVE-2015-3194
* SECURITY UPDATE: X509_ATTRIBUTE memory leak
- debian/patches/CVE-2015-3195.patch: fix leak in
crypto/asn1/tasn_dec.c.
- CVE-2015-3195
* SECURITY UPDATE: Race condition handling PSK identify hint
- debian/patches/CVE-2015-3196.patch: fix PSK handling in
ssl/s3_clnt.c, ssl/s3_srvr.c.
- CVE-2015-3196
-- Marc Deslauriers <email address hidden> Fri, 04 Dec 2015 08:22:09 -0500
-
openssl (1.0.1-4ubuntu5.31) precise-security; urgency=medium
* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
- debian/patches/reject_small_dh.patch: reject small dh keys in
ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod,
switch defaut dh to 2048-bit in apps/dhparam.c, apps/gendh.c.
* SECURITY UPDATE: denial of service and possible code execution via
invalid free in DTLS
- debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
- CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
- debian/patches/CVE-2015-1788.patch: improve logic in
crypto/bn/bn_gf2m.c.
- CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
X509_cmp_time
- debian/patches/CVE-2015-1789.patch: properly parse time format in
crypto/x509/x509_vfy.c.
- CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
- debian/patches/CVE-2015-1790.patch: handle NULL data_body in
crypto/pkcs7/pk7_doit.c.
- CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
- debian/patches/CVE-2015-1791.patch: create a new session in
ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
ssl/ssl_sess.c.
- debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
ssl/ssl_sess.c.
- debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
ssl/ssl_sess.c.
- CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
- debian/patches/CVE-2015-1792.patch: fix infinite loop in
crypto/cms/cms_smime.c.
- CVE-2015-1792
-- Marc Deslauriers <email address hidden> Thu, 11 Jun 2015 07:35:48 -0400
-
openssl (1.0.1-4ubuntu5.28) precise-security; urgency=medium
* SECURITY IMPROVEMENT: Disable EXPORT ciphers by default
- debian/patches/disable_export_ciphers.patch: remove export ciphers
from the DEFAULT cipher list in ssl/ssl.h, ssl/ssl_ciph.c,
doc/apps/ciphers.pod.
-- Marc Deslauriers <email address hidden> Thu, 28 May 2015 08:58:31 -0400
-
openssl (1.0.1-4ubuntu5.27) precise-security; urgency=medium
* debian/patches/tls12_client_env.patch: Re-enable TLSv1.2 support on the
client by default. For problematic setups, it can be disabled again by
setting OPENSSL_NO_CLIENT_TLS1_2 in the environment during library
initialization. (LP: #1442970)
-- Marc Deslauriers <email address hidden> Mon, 27 Apr 2015 13:13:18 -0400
-
openssl (1.0.1-4ubuntu5.25) precise-security; urgency=medium
* SECURITY UPDATE: denial of service and possible memory corruption via
malformed EC private key
- debian/patches/CVE-2015-0209.patch: fix use after free in
crypto/ec/ec_asn1.c.
- debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
- CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
- debian/patches/CVE-2015-0286.patch: handle boolean types in
crypto/asn1/a_type.c.
- CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
- debian/patches/CVE-2015-0287.patch: free up structures in
crypto/asn1/tasn_dec.c.
- CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
- debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
crypto/x509/x509_req.c.
- CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
PKCS#7 parsing
- debian/patches/CVE-2015-0289.patch: handle missing content in
crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
- CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
decoding
- debian/patches/CVE-2015-0292.patch: prevent underflow in
crypto/evp/encode.c.
- CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
- debian/patches/CVE-2015-0293.patch: check key lengths in
ssl/s2_lib.c, ssl/s2_srvr.c.
- debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
ssl/s2_srvr.c.
- CVE-2015-0293
-- Marc Deslauriers <email address hidden> Thu, 19 Mar 2015 10:03:00 -0400
-
openssl (1.0.1-4ubuntu5.22) precise; urgency=medium
* Fix DTLS handshake on amd64 (LP: #1425914)
- debian/patches/lp1425914.patch: backport upstream patch that fixes
alignment issue causing an assert in ssl/ssl_ciph.c.
-- Marc Deslauriers <email address hidden> Thu, 26 Feb 2015 13:05:15 -0500
-
openssl (1.0.1-4ubuntu5.21) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via unexpected handshake when
no-ssl3 build option is used (not the default)
- debian/patches/CVE-2014-3569.patch: keep the old method for now in
ssl/s23_srvr.c.
- CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
- debian/patches/CVE-2014-3570.patch: fix bignum logic in
crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c,
crypto/bn/bn_asm.c, removed crypto/bn/asm/mips3.s, added test to
crypto/bn/bntest.c.
- CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
- debian/patches/CVE-2014-3571-1.patch: fix crash in ssl/d1_pkt.c,
ssl/s3_pkt.c.
- debian/patches/CVE-2014-3571-2.patch: make code more obvious in
ssl/d1_pkt.c.
- CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
- debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
ssl/s3_clnt.c.
- CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
- debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
crypto/x509/x_all.c.
- CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
- debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
- CVE-2015-0204
* SECURITY UPDATE: DTLS memory leak in dtls1_buffer_record
- debian/patches/CVE-2015-0206.patch: properly handle failures in
ssl/d1_pkt.c.
- CVE-2015-0206
* debian/patches/CVE-2015-0205.patch: fix code to prevent confusion in
ssl/s3_srvr.c.
-- Marc Deslauriers <email address hidden> Fri, 09 Jan 2015 10:24:21 -0500
-
openssl (1.0.1-4ubuntu5.20) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via DTLS SRTP memory leak
- debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
util/ssleay.num.
- CVE-2014-3513
* SECURITY UPDATE: denial of service via session ticket integrity check
memory leak
- debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
- CVE-2014-3567
* SECURITY UPDATE: fix the no-ssl3 build option
- debian/patches/CVE-2014-3568.patch: fix conditional code in
ssl/s23_clnt.c, ssl/s23_srvr.c.
- CVE-2014-3568
* SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
protocol downgrade attack to SSLv3 that exposes the POODLE attack.
- debian/patches/tls_fallback_scsv_support.patch: added support for
TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.
-- Marc Deslauriers <email address hidden> Wed, 15 Oct 2014 13:12:15 -0400
-
openssl (1.0.1-4ubuntu5.18) precise-security; urgency=medium
* SECURITY IMPROVEMENT: remove cipher length limitation that was set to
work around problematic servers when using TLSv1.2 back in 2012.
(LP: #1376447)
- Although TLSv1.2 is disabled for clients by default, forcing it
enabled would truncate the cipher list, possibly removing important
ciphers, and was also breaking secure renegotiations.
- debian/patches/tls12_workarounds.patch: remove
OPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 from Configure.
-- Marc Deslauriers <email address hidden> Wed, 01 Oct 2014 16:15:14 -0400
-
openssl (1.0.1-4ubuntu5.17) precise-security; urgency=medium
* SECURITY UPDATE: double free when processing DTLS packets
- debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
- CVE-2014-3505
* SECURITY UPDATE: DTLS memory exhaustion
- debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
checks in ssl/d1_both.c.
- CVE-2014-3506
* SECURITY UPDATE: DTLS memory leak from zero-length fragments
- debian/patches/CVE-2014-3507.patch: fix memory leak and return codes
in ssl/d1_both.c.
- CVE-2014-3507
* SECURITY UPDATE: information leak in pretty printing functions
- debian/patches/CVE-2014-3508.patch: fix OID handling in
crypto/asn1/a_object.c, crypto/objects/obj_dat.c.
- CVE-2014-3508
* SECURITY UPDATE: race condition in ssl_parse_serverhello_tlsext
- debian/patches/CVE-2014-3509.patch: fix race in ssl/t1_lib.c.
- CVE-2014-3509
* SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
- debian/patches/CVE-2014-3510.patch: check for server certs in
ssl/d1_clnt.c, ssl/s3_clnt.c.
- CVE-2014-3510
* SECURITY UPDATE: TLS protocol downgrade attack
- debian/patches/CVE-2014-3511.patch: properly handle fragments in
ssl/s23_srvr.c.
- CVE-2014-3511
* SECURITY UPDATE: SRP buffer overrun
- debian/patches/CVE-2014-3512.patch: check parameters in
crypto/srp/srp_lib.c.
- CVE-2014-3512
* SECURITY UPDATE: crash with SRP ciphersuite in Server Hello message
- debian/patches/CVE-2014-5139.patch: fix SRP authentication and make
sure ciphersuite is set up correctly in ssl/s3_clnt.c, ssl/ssl_lib.c,
ssl/s3_lib.c, ssl/ssl.h, ssl/ssl_ciph.c, ssl/ssl_locl.h.
- CVE-2014-5139
-- Marc Deslauriers <email address hidden> Thu, 07 Aug 2014 08:16:48 -0400
-
openssl (1.0.1-4ubuntu5.16) precise-security; urgency=medium
* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
- debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
sending finished ssl/s3_clnt.c.
-- Marc Deslauriers <email address hidden> Fri, 20 Jun 2014 13:57:48 -0400
-
openssl (1.0.1-4ubuntu5.15) precise-security; urgency=medium
* SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
- debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
-- Marc Deslauriers <email address hidden> Thu, 12 Jun 2014 08:30:56 -0400
-
openssl (1.0.1-4ubuntu5.14) precise-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
- debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
fragments in ssl/d1_both.c.
- CVE-2014-0195
* SECURITY UPDATE: denial of service via DTLS recursion flaw
- debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
recursion in ssl/d1_both.c.
- CVE-2014-0221
* SECURITY UPDATE: MITM via change cipher spec
- debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
ssl/ssl3.h.
- debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
secrets in ssl/s3_pkt.c.
- debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
ssl/s3_clnt.c.
- CVE-2014-0224
* SECURITY UPDATE: denial of service via ECDH null session cert
- debian/patches/CVE-2014-3470.patch: check session_cert is not NULL
before dereferencing it in ssl/s3_clnt.c.
- CVE-2014-3470
-- Marc Deslauriers <email address hidden> Mon, 02 Jun 2014 14:05:34 -0400
-
openssl (1.0.1-4ubuntu5.13) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via use after free
- debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
releasing buffers in ssl/s3_pkt.c.
- CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
- debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
one in ssl/s3_pkt.c.
- CVE-2014-0198
-- Marc Deslauriers <email address hidden> Fri, 02 May 2014 15:28:21 -0400
-
openssl (1.0.1-4ubuntu5.12) precise-security; urgency=medium
* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
- debian/patches/CVE-2014-0076.patch: add and use constant time swap in
crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
util/libeay.num.
- CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
- debian/patches/CVE-2014-0160.patch: use correct lengths in
ssl/d1_both.c, ssl/t1_lib.c.
- CVE-2014-0160
-- Marc Deslauriers <email address hidden> Mon, 07 Apr 2014 15:45:14 -0400
-
openssl (1.0.1-4ubuntu5.11) precise-security; urgency=low
* SECURITY UPDATE: denial of service via invalid TLS handshake
- debian/patches/CVE-2013-4353.patch: handle no new cipher setup in
ssl/s3_both.c.
- CVE-2013-4353
* SECURITY UPDATE: denial of service via incorrect data structure
- debian/patches/CVE-2013-6449.patch: check for handshake digests in
ssl/s3_both.c,ssl/s3_pkt.c,ssl/t1_enc.c, use proper version in
ssl/s3_lib.c.
- CVE-2013-6449
* SECURITY UPDATE: denial of service via DTLS retransmission
- debian/patches/CVE-2013-6450.patch: fix DTLS retransmission in
crypto/evp/digest.c,ssl/d1_both.c,ssl/s3_pkt.c,ssl/s3_srvr.c,
ssl/ssl_locl.h,ssl/t1_enc.c.
- CVE-2013-6450
* debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
default unless explicitly requested.
-- Marc Deslauriers <email address hidden> Wed, 08 Jan 2014 14:59:50 -0500
-
openssl (1.0.1-4ubuntu5.10) precise-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
zlib to compress SSL/TLS unless the environment variable
OPENSSL_DEFAULT_ZLIB is set in the environment during library
initialization.
- Introduced to assist with programs not yet updated to provide their own
controls on compression, such as Postfix
- http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
-- Seth Arnold <email address hidden> Mon, 03 Jun 2013 18:13:18 -0700
-
openssl (1.0.1-4ubuntu5.9) precise; urgency=low
[ Dmitrijs Ledkovs ]
* Enable arm assembly code. (LP: #1083498) (Closes: #676533)
* Enable optimized 64bit elliptic curve code contributed by Google. (LP: #1018522)
[ Marc Deslauriers ]
* debian/patches/fix_key_decoding_deadlock.patch: Fix possible deadlock
when decoding public keys. (LP: #1066032)
-- Dmitrijs Ledkovs <email address hidden> Mon, 15 Apr 2013 13:44:50 +0100
-
openssl (1.0.1-4ubuntu5.8) precise-security; urgency=low
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/CVE-2013-0169.patch: re-enabled patch and added extra
commits from upstream to fix regression.
- CVE-2013-0169
-- Marc Deslauriers <email address hidden> Tue, 19 Mar 2013 14:43:57 -0400
-
openssl (1.0.1-4ubuntu5.7) precise-security; urgency=low
* REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
LP: #1133333)
- debian/patches/CVE-2013-0169.patch: disabled for now until fix is
available from upstream.
-- Marc Deslauriers <email address hidden> Thu, 28 Feb 2013 11:00:13 -0500
-
openssl (1.0.1-4ubuntu5.6) precise-security; urgency=low
* SECURITY UPDATE: denial of service via invalid OCSP key
- debian/patches/CVE-2013-0166.patch: properly handle NULL key in
crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
- CVE-2013-0166
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/CVE-2013-0169.patch: massive code changes
- CVE-2013-0169
* SECURITY UPDATE: denial of service via AES-NI and crafted CBC data
- Fix included in CVE-2013-0169 patch
- CVE-2012-2686
-- Marc Deslauriers <email address hidden> Mon, 18 Feb 2013 14:04:17 -0500
-
openssl (1.0.1-4ubuntu5.5) precise-proposed; urgency=low
* debian/patches/lp973741.patch: Apply complete and more recent changeset,
which fixes original issue on Intel CPUs and fixes FTBFS on non-x86
architectures. (LP: #973741)
openssl (1.0.1-4ubuntu5.4) precise-proposed; urgency=low
* debian/patches/lp973741.patch: Avoid segfault on legacy Intel CPUs
by using correct cypher. (LP: #973741)
-- Adam Gandelman <email address hidden> Tue, 14 Aug 2012 17:44:51 +0100
-
openssl (1.0.1-4ubuntu5.4) precise-proposed; urgency=low
* debian/patches/lp973741.patch: Avoid segfault on legacy Intel CPUs
by using correct cypher. (LP: #973741)
-- Adam Gandelman <email address hidden> Thu, 26 Jul 2012 00:14:32 -0700
-
openssl (1.0.1-4ubuntu5.3) precise-security; urgency=low
* SECURITY UPDATE: SSL_OP_ALL incorrectly disables TLS 1.1 (LP: #1018998)
- debian/patches/lp1018998.patch: change SSL_OP_NO_TLSv1_1 from
0x00000400L to 0x10000000L as in 1.0.1b to prevent applications
compiled with SSL_OP_ALL from incorrectly disabling TLS 1.1.
* debian/patches/lp1020621.patch: Make renegotiation work for TLS 1.2, 1.1
by not using a lower record version client hello workaround if
renegotiating. (LP: #1020621)
-- Marc Deslauriers <email address hidden> Tue, 03 Jul 2012 11:36:01 -0400
-
openssl (1.0.1-4ubuntu5.2) precise-security; urgency=low
* SECURITY UPDATE: denial of service attack in DTLS, TLS v1.1 and
TLS v1.2 implementation
- debian/patches/CVE_2012-2333.patch: guard for integer overflow
before skipping explicit IV
- CVE-2012-2333
* debian/patches/CVE-2012-0884-extra.patch: initialize tkeylen
properly when encrypting CMS messages.
-- Steve Beattie <email address hidden> Tue, 22 May 2012 16:05:12 -0700
-
openssl (1.0.1-4ubuntu5) precise-proposed; urgency=low
* debian/patches/CVE-2012-2110b.patch: Use correct error code in
BUF_MEM_grow_clean()
openssl (1.0.1-4ubuntu4) precise-proposed; urgency=low
* Check TLS1_get_client_version rather than TLS1_get_version for client
hello cipher list truncation, in a further attempt to get things working
again for everyone (LP: #986147).
-- Jamie Strandboge <email address hidden> Tue, 24 Apr 2012 08:29:32 -0500
-
openssl (1.0.1-4ubuntu4) precise-proposed; urgency=low
* Check TLS1_get_client_version rather than TLS1_get_version for client
hello cipher list truncation, in a further attempt to get things working
again for everyone (LP: #986147).
-- Colin Watson <email address hidden> Tue, 24 Apr 2012 14:05:50 +0100
-
openssl (1.0.1-4ubuntu3) precise-proposed; urgency=low
* SECURITY UPDATE: fix various overflows
- debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
crypto/buffer.c and crypto/mem.c to verify size of lengths
- CVE-2012-2110
-- Jamie Strandboge <email address hidden> Thu, 19 Apr 2012 10:31:06 -0500
-
openssl (1.0.1-4ubuntu2) precise-proposed; urgency=low
* Backport more upstream patches to work around TLS 1.2 failures
(LP #965371):
- Do not use record version number > TLS 1.0 in initial client hello:
some (but not all) hanging servers will now work.
- Truncate the number of ciphers sent in the client hello to 50. Most
broken servers should now work.
- Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
* Don't re-enable TLS 1.2 client support by default yet, since more of the
sites listed in the above bug and its duplicates still fail if I do that
versus leaving it disabled.
-- Colin Watson <email address hidden> Wed, 18 Apr 2012 15:03:56 +0100
-
openssl (1.0.1-4ubuntu1) precise; urgency=low
* Resynchronise with Debian (LP: #968753). Remaining changes:
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i586 (on i386)
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- Unapply patch c_rehash-multi and comment it out in the series as it
breaks parsing of certificates with CRLF line endings and other cases
(see Debian #642314 for discussion), it also changes the semantics of
c_rehash directories by requiring applications to parse hash link
targets as files containing potentially *multiple* certificates rather
than exactly one.
- Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
- Experimental workaround to large client hello issue: if
OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
only.
- Compile with -DOPENSSL_NO_TLS1_2_CLIENT.
openssl (1.0.1-4) unstable; urgency=low
* Use official patch for the vpaes problem, also covering amd64.
openssl (1.0.1-3) unstable; urgency=high
* Fix crash in vpaes (Closes: #665836)
* use client version when deciding whether to send supported signature
algorithms extension
-- Colin Watson <email address hidden> Tue, 10 Apr 2012 20:50:52 +0100
-
openssl (1.0.1-2ubuntu4) precise; urgency=low
* Pass cross-compiling options to 'make install' as well, since apparently
it likes to rebuild fips_premain_dso.
-- Colin Watson <email address hidden> Sat, 31 Mar 2012 00:48:38 +0100
-
openssl (1.0.1-2ubuntu3) precise; urgency=low
* Temporarily work around TLS 1.2 failures as suggested by upstream
(LP #965371):
- Use client version when deciding whether to send supported signature
algorithms extension.
- Experimental workaround to large client hello issue: if
OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients
only.
- Compile with -DOPENSSL_NO_TLS1_2_CLIENT.
This fixes most of the reported problems, but does not fix the case of
servers that reject version numbers they don't support rather than
trying to negotiate a lower version (e.g. www.mediafire.com).
-- Colin Watson <email address hidden> Fri, 30 Mar 2012 17:11:45 +0100
-
openssl (1.0.1-2ubuntu2) precise; urgency=low
* Remove compat symlinks from /usr/lib to /lib, as they cause
some serious issued with symbol generation, and are not needed.
* Bump version passed to dh_makeshlibs to 1.0.1 for new symbols.
-- Adam Conrad <email address hidden> Fri, 23 Mar 2012 21:39:39 -0600
-
openssl (1.0.1-2ubuntu1) precise; urgency=low
* Resynchronise with Debian (LP: #958430). Remaining changes:
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i586 (on i386)
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- Unapply patch c_rehash-multi and comment it out in the series as it
breaks parsing of certificates with CRLF line endings and other cases
(see Debian #642314 for discussion), it also changes the semantics of
c_rehash directories by requiring applications to parse hash link
targets as files containing potentially *multiple* certificates rather
than exactly one.
* Drop aesni.patch, applied upstream.
* Drop Bsymbolic-functions.patch, now handled using dpkg-buildflags.
openssl (1.0.1-2) unstable; urgency=low
* Properly quote the new cflags in Configure
openssl (1.0.1-1) unstable; urgency=low
* New upstream version
- Remove kfreebsd-pipe.patch, fixed upstream
- Update pic.patch, openssl-pod-misspell.patch and make-targets.patch
- Add OPENSSL_1.0.1 to version-script.patch and libssl1.0.0.symbols for
the new functions.
- AES-NI support (Closes: #644743)
* pic.patch: upstream made OPENSSL_ia32cap_P and OPENSSL_cpuid_setup
hidden on amd64, no need to access it PIC anymore.
* pic.patch: Make OPENSSL_ia32cap_P hidden on i386 too (Closes: #663977)
* Enable hardening using dpkg-buildflags (Closes: #653495)
* s_client and s_server were forcing SSLv3 only connection when SSLv2 was
disabled instead of the SSLv2 with upgrade method. (Closes: #664454)
* Add Beaks on openssh < 1:5.9p1-4, it has a too strict version check.
openssl (1.0.0h-1) unstable; urgency=high
* New upstream version
- Fixes CVE-2012-0884
- Fixes CVE-2012-1165
- Properly fix CVE-2011-4619
- pkg-config.patch applied upstream, remove it.
* Enable assembler for all i386 arches. The assembler does proper
detection of CPU support, including cpuid support.
This should fix a problem with AES 192 and 256 with the padlock
engine because of the difference in NO_ASM between the between
the i686 optimized library and the engine.
-- Colin Watson <email address hidden> Thu, 22 Mar 2012 17:54:09 +0000
-
openssl (1.0.0g-1ubuntu1) precise; urgency=low
* Resynchronise with Debian. Remaining changes:
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/aesni.patch: Backport Intel AES-NI support, now from
http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
0.9.8 variant.
- debian/patches/Bsymbolic-functions.patch: Link using
-Bsymbolic-functions.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i586 (on i386)
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- Unapply patch c_rehash-multi and comment it out in the series as it
breaks parsing of certificates with CRLF line endings and other cases
(see Debian #642314 for discussion), it also changes the semantics of
c_rehash directories by requiring applications to parse hash link
targets as files containing potentially *multiple* certificates
rather than exactly one.
openssl (1.0.0g-1) unstable; urgency=high
* New upstream version
- Fixes CVE-2012-0050
openssl (1.0.0f-1) unstable; urgency=high
* New upstream version
- Fixes CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027,
CVE-2011-4577
-- Marc Deslauriers <email address hidden> Sat, 11 Feb 2012 13:27:31 -0500
-
openssl (1.0.0e-3ubuntu1) precise; urgency=low
* Resynchronise with Debian. Remaining changes:
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/aesni.patch: Backport Intel AES-NI support, now from
http://rt.openssl.org/Ticket/Display.html?id=2065 rather than the
0.9.8 variant.
- debian/patches/Bsymbolic-functions.patch: Link using
-Bsymbolic-functions.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i586 (on i386)
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- Unapply patch c_rehash-multi and comment it out in the series as it
breaks parsing of certificates with CRLF line endings and other cases
(see Debian #642314 for discussion), it also changes the semantics of
c_rehash directories by requiring applications to parse hash link
targets as files containing potentially *multiple* certificates
rather than exactly one.
openssl (1.0.0e-3) unstable; urgency=low
* Don't build v8 and v9 variants of sparc anymore, they're older than
the default. (Closes: #649841)
* Don't build i486 optimized version, that's the default anyway, and
it uses assembler that doesn't always work on i486.
openssl (1.0.0e-2.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Block Malaysian's Digicert Sdn. Bhd. certificates by marking them
as revoked.
-- Marc Deslauriers <email address hidden> Thu, 12 Jan 2012 11:30:17 +0100
-
openssl (1.0.0e-2ubuntu4) oneiric; urgency=low
* The previous change moved the notification to major upgrades only, but
in fact, we do want the sysadmin to be notified when security updates
are installed, without having services automatically restarted.
(LP: #244250)
-- Marc Deslauriers <email address hidden> Tue, 04 Oct 2011 09:31:22 -0400
