Format: 1.8 Date: Wed, 20 Jun 2018 07:57:40 -0400 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: armhf armhf_translations Version: 1.0.1f-1ubuntu2.26 Distribution: trusty Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information libssl1.0.0-udeb - ssl shared library - udeb (udeb) openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1f-1ubuntu2.26) trusty-security; urgency=medium . * SECURITY UPDATE: ECDSA key extraction side channel - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c. - CVE-2018-0495 * SECURITY UPDATE: denial of service via long prime values - debian/patches/CVE-2018-0732.patch: reject excessively large primes in DH key generation in crypto/dh/dh_key.c. - CVE-2018-0732 * SECURITY UPDATE: RSA cache timing side channel attack (previous update was incomplete) - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in crypto/rsa/rsa_gen.c. - CVE-2018-0737 Checksums-Sha1: 203e53cc992b2f154451abc1c58e88cbc9381b4c 487146 openssl_1.0.1f-1ubuntu2.26_armhf.deb 58f80a679fe7c9d6b9c292575ab2baee25e97d87 659608 libssl1.0.0_1.0.1f-1ubuntu2.26_armhf.deb 3d6b342219daf8d92b7f119baa0b47d9a8ed69e9 473102 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.26_armhf.udeb a2a75eab270d1f1a772ce78692c72af2fdd8f494 103342 libssl1.0.0-udeb_1.0.1f-1ubuntu2.26_armhf.udeb a8271536e8e814fabd4728c4b4279ba7b76e97b7 913068 libssl-dev_1.0.1f-1ubuntu2.26_armhf.deb 67070a6cd17377f423a8e253a25aa789eee455e8 2538224 libssl1.0.0-dbg_1.0.1f-1ubuntu2.26_armhf.deb 236e609cf4a939644868b766eff246f9fec88c8f 1060 openssl-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb da79fd3c09c26196f90ed70aa3b2ef2d19905472 900 libssl1.0.0-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb 8eac6ffefffb9e7afd20b44a13b534de6d7b71ad 936 libcrypto1.0.0-udeb-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb a1befa612630fc77c23311d7efc541c8df9b7f67 818 libssl1.0.0-udeb-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb 08f1cb9c829f9696f468d438db4bd382b2d76e93 924 libssl-dev-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb 128b4fca93649d0db5b5e70e52f75405be75bb9e 20570 openssl_1.0.1f-1ubuntu2.26_armhf_translations.tar.gz Checksums-Sha256: 1765ee7fa71021affe06fd29ad6637743e81342c2bf3f31bfa4b587d0d5641db 487146 openssl_1.0.1f-1ubuntu2.26_armhf.deb e8583949df07a1bc28f07a2589e76a5a6d694078b0ca72afab422156e9de9815 659608 libssl1.0.0_1.0.1f-1ubuntu2.26_armhf.deb 51d0ac0d873c8d98b27a68a12217676dd56a123213080587ecf5fc216ca68234 473102 libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.26_armhf.udeb af6693bc352efd894a0b943287a733caca65898e3d25eb347a3d3d1359703875 103342 libssl1.0.0-udeb_1.0.1f-1ubuntu2.26_armhf.udeb f579fdc0a58ea3f082b77a065cadded7fe148e87d56c707c77d6821c87015be1 913068 libssl-dev_1.0.1f-1ubuntu2.26_armhf.deb aa85d81223cf90cbd05f61a19c6263d38ac4b6245154ae8feeca42fe94a108a1 2538224 libssl1.0.0-dbg_1.0.1f-1ubuntu2.26_armhf.deb 6331db168e46af5859b7e035b85e8a60da04369fbcfac16c9bd12c7e7da20aed 1060 openssl-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb efb378b47c4444dffc85f8b0a61c5beaee4a1866af3f49d07b9ba38698cecef5 900 libssl1.0.0-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb c97be9237097e449cff7e907c39ff5ef68a861d6bbdc8c0b1327c7314ce0a944 936 libcrypto1.0.0-udeb-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb a94603a41d0a5cf87f623a9e675ff2f7da1b93a32fb6888c7f4b8fba9213ac54 818 libssl1.0.0-udeb-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb 1fb5b1798dd8c87817a91112ba164c0dd1a0f5cc2fd36466bcdeea40f87a5060 924 libssl-dev-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb 221008c15f0d62f9ee037c382fa96af194fd7b7ef8e8de39149ed4ddcdfea77e 20570 openssl_1.0.1f-1ubuntu2.26_armhf_translations.tar.gz Files: 9944cb7c21d2cd96023f5b5f06f04983 487146 utils optional openssl_1.0.1f-1ubuntu2.26_armhf.deb fe3e1dd0f600a72f20476385a35685c3 659608 libs important libssl1.0.0_1.0.1f-1ubuntu2.26_armhf.deb 973d48fc811cbab9fa666427753cf4ca 473102 debian-installer optional libcrypto1.0.0-udeb_1.0.1f-1ubuntu2.26_armhf.udeb 6dd156a80cf7e1b0211f9917209a9a96 103342 debian-installer optional libssl1.0.0-udeb_1.0.1f-1ubuntu2.26_armhf.udeb ce9ffd1a5784bada207efe9a2404e125 913068 libdevel optional libssl-dev_1.0.1f-1ubuntu2.26_armhf.deb 69c257ea5b264d096aee44fd08ecbac0 2538224 debug extra libssl1.0.0-dbg_1.0.1f-1ubuntu2.26_armhf.deb 4b6d7a9840b495e9fe0e74dcd829b77f 1060 utils extra openssl-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb f0d11c91861b6cee1b8fa05e997dd2cc 900 libs extra libssl1.0.0-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb 88606ab35ae0827ca41f9a47a434053c 936 debian-installer extra libcrypto1.0.0-udeb-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb b54c60e358b57d213d67b97b5a6ad676 818 debian-installer extra libssl1.0.0-udeb-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb c07ae23ad95e5145b66c87d11fc1dab3 924 libdevel extra libssl-dev-dbgsym_1.0.1f-1ubuntu2.26_armhf.ddeb 96a64b1c1c09a4fb41aeba2c25ad2ac1 20570 raw-translations - openssl_1.0.1f-1ubuntu2.26_armhf_translations.tar.gz Original-Maintainer: Debian OpenSSL Team Package-Type: udeb