Format: 1.8 Date: Wed, 20 Jun 2018 07:29:12 -0400 Source: openssl Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc Architecture: arm64 arm64_translations Version: 1.1.0g-2ubuntu4.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.1 - Secure Sockets Layer toolkit - shared libraries libssl1.1-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.1.0g-2ubuntu4.1) bionic-security; urgency=medium . * SECURITY UPDATE: ECDSA key extraction side channel - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA signature in crypto/ec/ecdsa_ossl.c. - CVE-2018-0495 * SECURITY UPDATE: denial of service via long prime values - debian/patches/CVE-2018-0732.patch: reject excessively large primes in DH key generation in crypto/dh/dh_key.c. - CVE-2018-0732 * SECURITY UPDATE: RSA cache timing side channel attack - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in crypto/rsa/rsa_gen.c. - CVE-2018-0737 Checksums-Sha1: d0252ce3ca3cf990f976b4d065696164fdbfe3a2 766600 libcrypto1.1-udeb_1.1.0g-2ubuntu4.1_arm64.udeb ede19e21804631c97630076dcbe777bba490d74c 1188768 libssl-dev_1.1.0g-2ubuntu4.1_arm64.deb 022d87e2bdba53a7ac0bd586bc6dc6252fa41667 2843432 libssl1.1-dbgsym_1.1.0g-2ubuntu4.1_arm64.ddeb d344e4e456ccbebd3511babf4884cfe00ada67ef 118628 libssl1.1-udeb_1.1.0g-2ubuntu4.1_arm64.udeb 44980298b80b27c21d27dce9077c6ae8ac683868 914744 libssl1.1_1.1.0g-2ubuntu4.1_arm64.deb 2df7800fea9511be2228b4ad08a8181d9ef822b5 509644 openssl-dbgsym_1.1.0g-2ubuntu4.1_arm64.ddeb b7a6a10ff98eae3e0e68bc8b04093f82a9f045f6 7034 openssl_1.1.0g-2ubuntu4.1_arm64.buildinfo 7e4f8da4c253daae10fa39d053b19d39b5ccb11e 504848 openssl_1.1.0g-2ubuntu4.1_arm64.deb e77900e59feaeb1b770de902e9fd0a22dfbee369 20618 openssl_1.1.0g-2ubuntu4.1_arm64_translations.tar.gz Checksums-Sha256: 6d41ff5f7c6cd9f08937e67b6f87c880bddb57998c06212c95b58362b2ae4357 766600 libcrypto1.1-udeb_1.1.0g-2ubuntu4.1_arm64.udeb f491f6ea35964a916c995ff44ae649e9be7c9fb29be488fdcd78d3c522d11871 1188768 libssl-dev_1.1.0g-2ubuntu4.1_arm64.deb b25a111b146c94549366b2278bb5b285b51b30383c0dd71b22283fda43e7ee90 2843432 libssl1.1-dbgsym_1.1.0g-2ubuntu4.1_arm64.ddeb d7761de9cc40bf2f2a39f6015ef3d9e476d1bed1eac897da946434e6c9bc329c 118628 libssl1.1-udeb_1.1.0g-2ubuntu4.1_arm64.udeb d88772660c288d58d753ccd9bd0d5d4149e9739e1e0c67f0223d02d9a1359f9e 914744 libssl1.1_1.1.0g-2ubuntu4.1_arm64.deb af01d9d6d03135b7f56ac5195b7e73bdfcf1301ab0fc22c612d80660e1e7f934 509644 openssl-dbgsym_1.1.0g-2ubuntu4.1_arm64.ddeb 8660d96d6ffa1b571aad62d29ddab5239512f547a221fba680666999eb225d23 7034 openssl_1.1.0g-2ubuntu4.1_arm64.buildinfo f1fc98b85c661f3c2df22087ca251e5f210117e787fdad380b21db9047c7caf4 504848 openssl_1.1.0g-2ubuntu4.1_arm64.deb ee1a3b304c2a8f32280e7ae2f1771935ff2b6b5e6ae10e0b34d7fe7d032723ce 20618 openssl_1.1.0g-2ubuntu4.1_arm64_translations.tar.gz Files: 9ce10995cc788f121dda07c7760e6990 766600 debian-installer optional libcrypto1.1-udeb_1.1.0g-2ubuntu4.1_arm64.udeb c2082469e4a6b0a20bc2f645ecd8432b 1188768 libdevel optional libssl-dev_1.1.0g-2ubuntu4.1_arm64.deb c0004626d081c963dcc072d8889856f9 2843432 debug optional libssl1.1-dbgsym_1.1.0g-2ubuntu4.1_arm64.ddeb c768edce1e5305989696540d1e94efbf 118628 debian-installer optional libssl1.1-udeb_1.1.0g-2ubuntu4.1_arm64.udeb 98e6f68801aa46aa096786929d6b9592 914744 libs important libssl1.1_1.1.0g-2ubuntu4.1_arm64.deb d66398f0836cc972a9d596e0449e0cb7 509644 debug optional openssl-dbgsym_1.1.0g-2ubuntu4.1_arm64.ddeb 75ebeec7bf540fa277544a31ffbd4680 7034 utils optional openssl_1.1.0g-2ubuntu4.1_arm64.buildinfo 6712d4bf1de1bea44e9ecad756f2864d 504848 utils optional openssl_1.1.0g-2ubuntu4.1_arm64.deb c8c64130f642821c5cd6d294b1307f6d 20618 raw-translations - openssl_1.1.0g-2ubuntu4.1_arm64_translations.tar.gz Original-Maintainer: Debian OpenSSL Team