Ubuntu
openssl package

openssl 1.0.2g-1ubuntu13.6 source package in Ubuntu

Changelog

openssl (1.0.2g-1ubuntu13.6) artful-security; urgency=medium

  * SECURITY UPDATE: ECDSA key extraction side channel
    - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
      signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
    - CVE-2018-0495
  * SECURITY UPDATE: denial of service via long prime values
    - debian/patches/CVE-2018-0732.patch: reject excessively large primes
      in DH key generation in crypto/dh/dh_key.c.
    - CVE-2018-0732
  * SECURITY UPDATE: RSA cache timing side channel attack
    (previous update was incomplete)
    - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
      BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
      crypto/rsa/rsa_gen.c.
    - CVE-2018-0737

 -- Marc Deslauriers <email address hidden>  Wed, 20 Jun 2018 07:32:59 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Artful
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
openssl_1.0.2g.orig.tar.gz 5.0 MiB b784b1b3907ce39abf4098702dade6365522a253ad1552e267a9a0e89594aa33
openssl_1.0.2g-1ubuntu13.6.debian.tar.xz 122.7 KiB 88cccaa57f706344ec42e4ca4bfcc892858fe5d50b2215ba42308f49d1cc5df9
openssl_1.0.2g-1ubuntu13.6.dsc 2.5 KiB 614314a3d2c9093b284c74d88a09e90ef212990abfde47f00ce97bba2ffcaee4

View changes file

Binary packages built by this source

libcrypto1.0.0-udeb: No summary available for libcrypto1.0.0-udeb in ubuntu artful.

No description available for libcrypto1.0.0-udeb in ubuntu artful.

libssl-dev: No summary available for libssl-dev in ubuntu artful.

No description available for libssl-dev in ubuntu artful.

libssl-doc: No summary available for libssl-doc in ubuntu artful.

No description available for libssl-doc in ubuntu artful.

libssl1.0-dev: No summary available for libssl1.0-dev in ubuntu artful.

No description available for libssl1.0-dev in ubuntu artful.

libssl1.0.0: No summary available for libssl1.0.0 in ubuntu artful.

No description available for libssl1.0.0 in ubuntu artful.

libssl1.0.0-dbg: No summary available for libssl1.0.0-dbg in ubuntu artful.

No description available for libssl1.0.0-dbg in ubuntu artful.

libssl1.0.0-udeb: No summary available for libssl1.0.0-udeb in ubuntu artful.

No description available for libssl1.0.0-udeb in ubuntu artful.

openssl: No summary available for openssl in ubuntu artful.

No description available for openssl in ubuntu artful.

openssl-dbgsym: No summary available for openssl-dbgsym in ubuntu artful.

No description available for openssl-dbgsym in ubuntu artful.