openssl097 0.9.7g-5ubuntu1.1 source package in Ubuntu
Changelog
openssl097 (0.9.7g-5ubuntu1.1) dapper-security; urgency=low * SECURITY UPDATE: Multiple vulnerabilities. * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt: - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent applications from incorrectly verifying the certificate. [CVE-2006-4339] - http://www.openssl.org/news/secadv_20060905.txt * crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid an infinite loop in some circumstances. [CVE-2006-2937] * ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly handle invalid long cipher list strings. [CVE-2006-3738] * ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to avoid client crash with malicious server responses. [CVE-2006-4343] * Certain types of public key could take disproportionate amounts of time to process. Apply patch from Bodo Moeller to impose limits to public key type values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940] -- Martin Pitt <email address hidden> Wed, 4 Oct 2006 10:02:28 +0200
Upload details
- Uploaded by:
- Martin Pitt
- Uploaded to:
- Dapper
- Original maintainer:
- Debian OpenSSL Team
- Architectures:
- any
- Section:
- utils
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
openssl097_0.9.7g.orig.tar.gz | 3.0 MiB | e7e1a287141dd1be7f4b4fedd54ec29fa904655ed76a13ac87ae69a3fc76b062 |
openssl097_0.9.7g-5ubuntu1.1.diff.gz | 32.5 KiB | 0ece84e07cd0261e630c02f2b29de14a930fba6d154d5c420625c7f8d84ead36 |
openssl097_0.9.7g-5ubuntu1.1.dsc | 775 bytes | 40cc05badedd6cc2c76b4a2a2dde665858c0e95795de1db610ea31e0ef814013 |
Binary packages built by this source
- libssl0.9.7: No summary available for libssl0.9.7 in ubuntu dapper.
No description available for libssl0.9.7 in ubuntu dapper.
- libssl0.9.7-dbg: No summary available for libssl0.9.7-dbg in ubuntu dapper.
No description available for libssl0.9.7-dbg in ubuntu dapper.