Change log for openssl1.0 package in Ubuntu
1 → 24 of 24 results | First • Previous • Next • Last |
openssl1.0 (1.0.2n-1ubuntu5.13) bionic-security; urgency=medium * SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers - debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate in crypto/objects/obj_dat.c. - CVE-2023-2650 -- Marc Deslauriers <email address hidden> Wed, 24 May 2023 15:52:46 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.12) bionic-security; urgency=medium * SECURITY UPDATE: excessive resource use when verifying policy constraints - debian/patches/CVE-2023-0464.patch: limit the number of nodes created in a policy tree (the default limit is set to 1000 nodes). - CVE-2023-0464 * SECURITY UPDATE: invalid certificate policies ignored in leaf certificates - debian/patches/CVE-2023-0465.patch: ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs. - CVE-2023-0466 * SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy not enabled as documented - debian/patches/CVE-2023-0466.patch: fix documentation of X509_VERIFY_PARAM_add0_policy(). - CVE-2023-0466 -- Camila Camargo de Matos <email address hidden> Tue, 18 Apr 2023 14:26:49 -0300
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.11) bionic-security; urgency=medium * SECURITY UPDATE: Use-after-free following BIO_new_NDEF - debian/patches/CVE-2023-0215.patch: fix a UAF resulting from a bug in BIO_new_NDEF in crypto/asn1/bio_ndef.c. - CVE-2023-0215 * SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName - debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for x400Address in crypto/x509/v3_genn.c, crypto/x509v3/x509v3.h. - CVE-2023-0286 -- Marc Deslauriers <email address hidden> Mon, 06 Feb 2023 12:57:17 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.10) bionic-security; urgency=medium * SECURITY UPDATE: c_rehash script allows command injection - debian/patches/CVE-2022-1292.patch: switch to upstream patch, and apply it before c_rehash-compat.patch. - debian/patches/CVE-2022-2068.patch: fix file operations in tools/c_rehash.in. - debian/patches/c_rehash-compat.patch: updated patch to apply after the security updates. - CVE-2022-2068 -- Marc Deslauriers <email address hidden> Mon, 20 Jun 2022 13:34:16 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.9) bionic-security; urgency=medium * SECURITY UPDATE: c_rehash script allows command injection - debian/patches/CVE-2022-1292.patch: do not use shell to invoke openssl in tools/c_rehash.in. - CVE-2022-1292 -- Marc Deslauriers <email address hidden> Wed, 04 May 2022 07:54:44 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.8) bionic-security; urgency=medium * SECURITY UPDATE: Infinite loop in BN_mod_sqrt() - debian/patches/CVE-2022-0778.patch: fix infinite loop in crypto/bn/bn_sqrt.c. - CVE-2022-0778 -- Marc Deslauriers <email address hidden> Wed, 09 Mar 2022 07:36:36 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.7) bionic-security; urgency=medium * SECURITY UPDATE: Read buffer overrun in X509_aux_print() - debian/patches/CVE-2021-3712.patch: fix a read buffer overrun in X509_CERT_AUX_print() in crypto/asn1/t_x509a.c. - debian/patches/CVE-2021-3712-2.patch: fix i2v_GENERAL_NAME to not assume NUL terminated strings in crypto/x509v3/v3_alt.c, crypto/x509v3/v3_utl.c, crypto/x509v3/x509v3.h. - debian/patches/CVE-2021-3712-3.patch: fix POLICYINFO printing to not assume NUL terminated strings in crypto/x509v3/v3_cpols.c. - debian/patches/CVE-2021-3712-4.patch: fix printing of PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings in crypto/x509v3/v3_pci.c. - debian/patches/CVE-2021-3712-5.patch: fix the name constraints code to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c. - debian/patches/CVE-2021-3712-7.patch: fix append_ia5 function to not assume NUL terminated strings in crypto/x509v3/v3_utl.c. - debian/patches/CVE-2021-3712-8.patch: fix NETSCAPE_SPKI_print function to not assume NUL terminated strings in crypto/asn1/t_spki.c. - debian/patches/CVE-2021-3712-9.patch: fix EC_GROUP_new_from_ecparameters to check the base length in crypto/ec/ec_asn1.c. - debian/patches/CVE-2021-3712-11.patch: fix the error handling in i2v_AUTHORITY_KEYID in crypto/x509v3/v3_akey.c. - debian/patches/CVE-2021-3712-13.patch: fix the name constraints code to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c. - debian/patches/CVE-2021-3712-14.patch: fix i2v_GENERAL_NAME to not assume NUL terminated strings in crypto/x509v3/v3_utl.c. - CVE-2021-3712 -- Marc Deslauriers <email address hidden> Tue, 24 Aug 2021 12:16:56 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.6) bionic-security; urgency=medium * SECURITY UPDATE: Integer overflow in CipherUpdate - debian/patches/CVE-2021-23840-pre1.patch: add new EVP error codes in crypto/evp/evp_err.c, crypto/evp/evp.h. - debian/patches/CVE-2021-23840-pre2.patch: add a new EVP error code in crypto/evp/evp_err.c, crypto/evp/evp.h. - debian/patches/CVE-2021-23840.patch: don't overflow the output length in EVP_CipherUpdate calls in crypto/evp/evp_enc.c, crypto/evp/evp_err.c, crypto/evp/evp.h. - CVE-2021-23840 * SECURITY UPDATE: Null pointer deref in X509_issuer_and_serial_hash() - debian/patches/CVE-2021-23841.patch: fix Null pointer deref in crypto/x509/x509_cmp.c. - CVE-2021-23841 -- Marc Deslauriers <email address hidden> Wed, 17 Feb 2021 10:33:20 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.5) bionic-security; urgency=medium * SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref - debian/patches/CVE-2020-1971-1.patch: use explicit tagging for DirectoryString in crypto/x509v3/v3_genn.c. - debian/patches/CVE-2020-1971-2.patch: correctly compare EdiPartyName in crypto/x509v3/v3_genn.c. - debian/patches/CVE-2020-1971-3.patch: check that multi-strings/CHOICE types don't use implicit tagging in crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c, crypto/asn1/asn1.h. - debian/patches/CVE-2020-1971-4.patch: complain if we are attempting to encode with an invalid ASN.1 template in crypto/asn1/asn1_err.c, crypto/asn1/tasn_enc.c, crypto/asn1/asn1.h. - debian/patches/CVE-2020-1971-5.patch: add a test for GENERAL_NAME_cmp in crypto/x509v3/v3nametest.c. - CVE-2020-1971 -- Marc Deslauriers <email address hidden> Wed, 02 Dec 2020 14:54:00 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.4) bionic-security; urgency=medium * SECURITY UPDATE: Raccoon Attack - debian/patches/CVE-2020-1968.patch: disable ciphers that reuse the DH secret across multiple TLS connections in ssl/s3_lib.c. - CVE-2020-1968 * SECURITY UPDATE: ECDSA remote timing attack - debian/patches/CVE-2019-1547.patch: for ECC parameters with NULL or zero cofactor, compute it in crypto/ec/ec.h, crypto/ec/ec_err.c, crypto/ec/ec_lib.c. - CVE-2019-1547 * SECURITY UPDATE: rsaz_512_sqr overflow bug on x86_64 - debian/patches/CVE-2019-1551.patch: fix an overflow bug in rsaz_512_sqr in crypto/bn/asm/rsaz-x86_64.pl. - CVE-2019-1551 * SECURITY UPDATE: Padding Oracle issue - debian/patches/CVE-2019-1563.patch: fix a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey in crypto/cms/cms_env.c, crypto/cms/cms_lcl.h, crypto/cms/cms_smime.c, crypto/pkcs7/pk7_doit.c. - CVE-2019-1563 -- Marc Deslauriers <email address hidden> Wed, 16 Sep 2020 07:51:13 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.3) bionic-security; urgency=medium * SECURITY UPDATE: 0-byte record padding oracle - debian/patches/CVE-2019-1559.patch: go into the error state if a fatal alert is sent or received in ssl/d1_pkt.c, ssl/s3_pkt.c. - CVE-2019-1559 * debian/patches/s390x-fix-aes-gcm-tls.patch: fix typo in backported s390x hw acceleration patch. (LP: #1775018) -- Marc Deslauriers <email address hidden> Tue, 26 Feb 2019 14:46:16 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu6.2) cosmic-security; urgency=medium * SECURITY UPDATE: 0-byte record padding oracle - debian/patches/CVE-2019-1559.patch: go into the error state if a fatal alert is sent or received in ssl/d1_pkt.c, ssl/s3_pkt.c. - CVE-2019-1559 * debian/patches/s390x-fix-aes-gcm-tls.patch: fix typo in backported s390x hw acceleration patch. (LP: #1775018) -- Marc Deslauriers <email address hidden> Tue, 26 Feb 2019 14:45:07 -0500
Available diffs
Deleted in disco-proposed (Reason: no longer needed doublet of openssl; LP: #1802569) |
openssl1.0 (1.0.2n-1ubuntu8) disco; urgency=medium * Fix hw accelerated performance impact on s390x by unbreaking s390x_aes_gcm_tls_cipher. LP: #1775018 -- Dimitri John Ledkov <email address hidden> Fri, 22 Feb 2019 14:10:40 +0100
Available diffs
- diff from 1.0.2n-1ubuntu7 to 1.0.2n-1ubuntu8 (735 bytes)
openssl1.0 (1.0.2n-1ubuntu5.2) bionic-security; urgency=medium * SECURITY UPDATE: PortSmash side channel attack - debian/patches/CVE-2018-5407.patch: fix timing vulnerability in crypto/bn/bn_lib.c, crypto/ec/ec_mult.c. - CVE-2018-5407 * SECURITY UPDATE: timing side channel attack in DSA - debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-2.patch: fix mod inverse in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in crypto/dsa/dsa_ossl.c. - CVE-2018-0734 -- Marc Deslauriers <email address hidden> Tue, 04 Dec 2018 10:58:01 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu6.1) cosmic-security; urgency=medium * SECURITY UPDATE: PortSmash side channel attack - debian/patches/CVE-2018-5407.patch: fix timing vulnerability in crypto/bn/bn_lib.c, crypto/ec/ec_mult.c. - CVE-2018-5407 * SECURITY UPDATE: timing side channel attack in DSA - debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-2.patch: fix mod inverse in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in crypto/dsa/dsa_ossl.c. - CVE-2018-0734 -- Marc Deslauriers <email address hidden> Tue, 04 Dec 2018 10:55:32 -0500
Available diffs
Deleted in disco-release (Reason: no longer needed doublet of openssl; LP: #1802569) |
Deleted in disco-proposed (Reason: moved to release) |
openssl1.0 (1.0.2n-1ubuntu7) disco; urgency=medium * SECURITY UPDATE: PortSmash side channel attack - debian/patches/CVE-2018-5407.patch: fix timing vulnerability in crypto/bn/bn_lib.c, crypto/ec/ec_mult.c. - CVE-2018-5407 * SECURITY UPDATE: timing side channel attack in DSA - debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-2.patch: fix mod inverse in crypto/dsa/dsa_ossl.c. - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in crypto/dsa/dsa_ossl.c. - CVE-2018-0734 -- Marc Deslauriers <email address hidden> Tue, 04 Dec 2018 10:55:32 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.1) bionic-security; urgency=medium * SECURITY UPDATE: ECDSA key extraction side channel - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c. - CVE-2018-0495 * SECURITY UPDATE: denial of service via long prime values - debian/patches/CVE-2018-0732.patch: reject excessively large primes in DH key generation in crypto/dh/dh_key.c. - CVE-2018-0732 * SECURITY UPDATE: RSA cache timing side channel attack - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in crypto/rsa/rsa_gen.c. - CVE-2018-0737 -- Marc Deslauriers <email address hidden> Wed, 20 Jun 2018 08:00:56 -0400
Available diffs
Superseded in disco-release |
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
openssl1.0 (1.0.2n-1ubuntu6) cosmic; urgency=medium * SECURITY UPDATE: ECDSA key extraction side channel - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c. - CVE-2018-0495 * SECURITY UPDATE: denial of service via long prime values - debian/patches/CVE-2018-0732.patch: reject excessively large primes in DH key generation in crypto/dh/dh_key.c. - CVE-2018-0732 * SECURITY UPDATE: RSA cache timing side channel attack - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in crypto/rsa/rsa_gen.c. - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in crypto/rsa/rsa_gen.c. - CVE-2018-0737 -- Marc Deslauriers <email address hidden> Wed, 20 Jun 2018 07:59:27 -0400
Available diffs
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
openssl1.0 (1.0.2n-1ubuntu5) bionic; urgency=medium * SECURITY UPDATE: DoS via ASN.1 types with a recursive definition - debian/patches/CVE-2018-0739.patch: limit stack depth in crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c. - CVE-2018-0739 -- Marc Deslauriers <email address hidden> Tue, 27 Mar 2018 13:48:57 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu4) bionic; urgency=medium * s390x: Add support for CPACF enhancements to openssl, for IBM z14. LP: #1743750 -- Dimitri John Ledkov <email address hidden> Wed, 28 Feb 2018 14:52:10 +0000
Available diffs
- diff from 1.0.2n-1ubuntu3 to 1.0.2n-1ubuntu4 (10.0 KiB)
openssl1.0 (1.0.2n-1ubuntu3) bionic; urgency=medium * Create openssl1.0 package which ships 1.0 variant of utilities. LP: #1747447 * Move libraries back from /lib to /usr/lib, as otherwise d-i helpfully deletes "duplicate" soname libraries, and thus breaking network-console. LP: #1749442 -- Dimitri John Ledkov <email address hidden> Wed, 14 Feb 2018 15:40:29 +0000
Available diffs
Superseded in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
Superseded in bionic-proposed |
openssl1.0 (1.0.2n-1ubuntu2) bionic; urgency=medium * Change package name to openssl1.0 * Drop openssl, libssl-dev, libssl-doc packages, and stop adding symlinks for them. * Mark libssl1.0-dev to conflict with libssl-dev. * Correct soname in debian/libssl1.0.0-udeb.lintian-overrides and debian/libssl1.0.0.lintian-overrides. -- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 11:35:03 +0000
openssl1.0 (1.0.2j-4) unstable; urgency=medium * Re-add udebs -- Kurt Roeckx <email address hidden> Sun, 06 Nov 2016 12:07:19 +0100
Available diffs
- diff from 1.0.2j-3 to 1.0.2j-4 (1.3 KiB)
openssl1.0 (1.0.2j-3) unstable; urgency=medium * Upload to unstable -- Kurt Roeckx <email address hidden> Tue, 01 Nov 2016 22:05:22 +0100
1 → 24 of 24 results | First • Previous • Next • Last |