Change log for openssl1.0 package in Ubuntu
| 1 → 24 of 24 results | First • Previous • Next • Last |
openssl1.0 (1.0.2n-1ubuntu5.13) bionic-security; urgency=medium
* SECURITY UPDATE: Possible DoS translating ASN.1 object identifiers
- debian/patches/CVE-2023-2650.patch: restrict the size of OBJECT
IDENTIFIERs that OBJ_obj2txt will translate in
crypto/objects/obj_dat.c.
- CVE-2023-2650
-- Marc Deslauriers <email address hidden> Wed, 24 May 2023 15:52:46 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.12) bionic-security; urgency=medium
* SECURITY UPDATE: excessive resource use when verifying policy constraints
- debian/patches/CVE-2023-0464.patch: limit the number of nodes created in
a policy tree (the default limit is set to 1000 nodes).
- CVE-2023-0464
* SECURITY UPDATE: invalid certificate policies ignored in leaf certificates
- debian/patches/CVE-2023-0465.patch: ensure that EXFLAG_INVALID_POLICY is
checked even in leaf certs.
- CVE-2023-0466
* SECURITY UPDATE: certificate policy check in X509_VERIFY_PARAM_add0_policy
not enabled as documented
- debian/patches/CVE-2023-0466.patch: fix documentation of
X509_VERIFY_PARAM_add0_policy().
- CVE-2023-0466
-- Camila Camargo de Matos <email address hidden> Tue, 18 Apr 2023 14:26:49 -0300
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.11) bionic-security; urgency=medium
* SECURITY UPDATE: Use-after-free following BIO_new_NDEF
- debian/patches/CVE-2023-0215.patch: fix a UAF resulting from a bug in
BIO_new_NDEF in crypto/asn1/bio_ndef.c.
- CVE-2023-0215
* SECURITY UPDATE: X.400 address type confusion in X.509 GeneralName
- debian/patches/CVE-2023-0286.patch: fix GENERAL_NAME_cmp for
x400Address in crypto/x509/v3_genn.c, crypto/x509v3/x509v3.h.
- CVE-2023-0286
-- Marc Deslauriers <email address hidden> Mon, 06 Feb 2023 12:57:17 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.10) bionic-security; urgency=medium
* SECURITY UPDATE: c_rehash script allows command injection
- debian/patches/CVE-2022-1292.patch: switch to upstream patch, and
apply it before c_rehash-compat.patch.
- debian/patches/CVE-2022-2068.patch: fix file operations in
tools/c_rehash.in.
- debian/patches/c_rehash-compat.patch: updated patch to apply after
the security updates.
- CVE-2022-2068
-- Marc Deslauriers <email address hidden> Mon, 20 Jun 2022 13:34:16 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.9) bionic-security; urgency=medium
* SECURITY UPDATE: c_rehash script allows command injection
- debian/patches/CVE-2022-1292.patch: do not use shell to invoke
openssl in tools/c_rehash.in.
- CVE-2022-1292
-- Marc Deslauriers <email address hidden> Wed, 04 May 2022 07:54:44 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.8) bionic-security; urgency=medium
* SECURITY UPDATE: Infinite loop in BN_mod_sqrt()
- debian/patches/CVE-2022-0778.patch: fix infinite loop in
crypto/bn/bn_sqrt.c.
- CVE-2022-0778
-- Marc Deslauriers <email address hidden> Wed, 09 Mar 2022 07:36:36 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.7) bionic-security; urgency=medium
* SECURITY UPDATE: Read buffer overrun in X509_aux_print()
- debian/patches/CVE-2021-3712.patch: fix a read buffer overrun in
X509_CERT_AUX_print() in crypto/asn1/t_x509a.c.
- debian/patches/CVE-2021-3712-2.patch: fix i2v_GENERAL_NAME to not
assume NUL terminated strings in crypto/x509v3/v3_alt.c,
crypto/x509v3/v3_utl.c, crypto/x509v3/x509v3.h.
- debian/patches/CVE-2021-3712-3.patch: fix POLICYINFO printing to not
assume NUL terminated strings in crypto/x509v3/v3_cpols.c.
- debian/patches/CVE-2021-3712-4.patch: fix printing of
PROXY_CERT_INFO_EXTENSION to not assume NUL terminated strings in
crypto/x509v3/v3_pci.c.
- debian/patches/CVE-2021-3712-5.patch: fix the name constraints code
to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c.
- debian/patches/CVE-2021-3712-7.patch: fix append_ia5 function to not
assume NUL terminated strings in crypto/x509v3/v3_utl.c.
- debian/patches/CVE-2021-3712-8.patch: fix NETSCAPE_SPKI_print
function to not assume NUL terminated strings in
crypto/asn1/t_spki.c.
- debian/patches/CVE-2021-3712-9.patch: fix
EC_GROUP_new_from_ecparameters to check the base length in
crypto/ec/ec_asn1.c.
- debian/patches/CVE-2021-3712-11.patch: fix the error handling in
i2v_AUTHORITY_KEYID in crypto/x509v3/v3_akey.c.
- debian/patches/CVE-2021-3712-13.patch: fix the name constraints code
to not assume NUL terminated strings in crypto/x509v3/v3_ncons.c.
- debian/patches/CVE-2021-3712-14.patch: fix i2v_GENERAL_NAME to not
assume NUL terminated strings in crypto/x509v3/v3_utl.c.
- CVE-2021-3712
-- Marc Deslauriers <email address hidden> Tue, 24 Aug 2021 12:16:56 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.6) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow in CipherUpdate
- debian/patches/CVE-2021-23840-pre1.patch: add new EVP error codes in
crypto/evp/evp_err.c, crypto/evp/evp.h.
- debian/patches/CVE-2021-23840-pre2.patch: add a new EVP error code in
crypto/evp/evp_err.c, crypto/evp/evp.h.
- debian/patches/CVE-2021-23840.patch: don't overflow the output length
in EVP_CipherUpdate calls in crypto/evp/evp_enc.c,
crypto/evp/evp_err.c, crypto/evp/evp.h.
- CVE-2021-23840
* SECURITY UPDATE: Null pointer deref in X509_issuer_and_serial_hash()
- debian/patches/CVE-2021-23841.patch: fix Null pointer deref in
crypto/x509/x509_cmp.c.
- CVE-2021-23841
-- Marc Deslauriers <email address hidden> Wed, 17 Feb 2021 10:33:20 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.5) bionic-security; urgency=medium
* SECURITY UPDATE: EDIPARTYNAME NULL pointer de-ref
- debian/patches/CVE-2020-1971-1.patch: use explicit tagging for
DirectoryString in crypto/x509v3/v3_genn.c.
- debian/patches/CVE-2020-1971-2.patch: correctly compare EdiPartyName
in crypto/x509v3/v3_genn.c.
- debian/patches/CVE-2020-1971-3.patch: check that multi-strings/CHOICE
types don't use implicit tagging in crypto/asn1/asn1_err.c,
crypto/asn1/tasn_dec.c, crypto/asn1/asn1.h.
- debian/patches/CVE-2020-1971-4.patch: complain if we are attempting
to encode with an invalid ASN.1 template in crypto/asn1/asn1_err.c,
crypto/asn1/tasn_enc.c, crypto/asn1/asn1.h.
- debian/patches/CVE-2020-1971-5.patch: add a test for GENERAL_NAME_cmp
in crypto/x509v3/v3nametest.c.
- CVE-2020-1971
-- Marc Deslauriers <email address hidden> Wed, 02 Dec 2020 14:54:00 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.4) bionic-security; urgency=medium
* SECURITY UPDATE: Raccoon Attack
- debian/patches/CVE-2020-1968.patch: disable ciphers that reuse the
DH secret across multiple TLS connections in ssl/s3_lib.c.
- CVE-2020-1968
* SECURITY UPDATE: ECDSA remote timing attack
- debian/patches/CVE-2019-1547.patch: for ECC parameters with NULL or
zero cofactor, compute it in crypto/ec/ec.h, crypto/ec/ec_err.c,
crypto/ec/ec_lib.c.
- CVE-2019-1547
* SECURITY UPDATE: rsaz_512_sqr overflow bug on x86_64
- debian/patches/CVE-2019-1551.patch: fix an overflow bug in
rsaz_512_sqr in crypto/bn/asm/rsaz-x86_64.pl.
- CVE-2019-1551
* SECURITY UPDATE: Padding Oracle issue
- debian/patches/CVE-2019-1563.patch: fix a padding oracle in
PKCS7_dataDecode and CMS_decrypt_set1_pkey in crypto/cms/cms_env.c,
crypto/cms/cms_lcl.h, crypto/cms/cms_smime.c,
crypto/pkcs7/pk7_doit.c.
- CVE-2019-1563
-- Marc Deslauriers <email address hidden> Wed, 16 Sep 2020 07:51:13 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.3) bionic-security; urgency=medium
* SECURITY UPDATE: 0-byte record padding oracle
- debian/patches/CVE-2019-1559.patch: go into the error state if a
fatal alert is sent or received in ssl/d1_pkt.c, ssl/s3_pkt.c.
- CVE-2019-1559
* debian/patches/s390x-fix-aes-gcm-tls.patch: fix typo in backported
s390x hw acceleration patch. (LP: #1775018)
-- Marc Deslauriers <email address hidden> Tue, 26 Feb 2019 14:46:16 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu6.2) cosmic-security; urgency=medium
* SECURITY UPDATE: 0-byte record padding oracle
- debian/patches/CVE-2019-1559.patch: go into the error state if a
fatal alert is sent or received in ssl/d1_pkt.c, ssl/s3_pkt.c.
- CVE-2019-1559
* debian/patches/s390x-fix-aes-gcm-tls.patch: fix typo in backported
s390x hw acceleration patch. (LP: #1775018)
-- Marc Deslauriers <email address hidden> Tue, 26 Feb 2019 14:45:07 -0500
Available diffs
| Deleted in disco-proposed (Reason: no longer needed doublet of openssl; LP: #1802569) |
openssl1.0 (1.0.2n-1ubuntu8) disco; urgency=medium
* Fix hw accelerated performance impact on s390x by unbreaking
s390x_aes_gcm_tls_cipher. LP: #1775018
-- Dimitri John Ledkov <email address hidden> Fri, 22 Feb 2019 14:10:40 +0100
Available diffs
- diff from 1.0.2n-1ubuntu7 to 1.0.2n-1ubuntu8 (735 bytes)
openssl1.0 (1.0.2n-1ubuntu5.2) bionic-security; urgency=medium
* SECURITY UPDATE: PortSmash side channel attack
- debian/patches/CVE-2018-5407.patch: fix timing vulnerability in
crypto/bn/bn_lib.c, crypto/ec/ec_mult.c.
- CVE-2018-5407
* SECURITY UPDATE: timing side channel attack in DSA
- debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in
crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-2.patch: fix mod inverse in
crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
crypto/dsa/dsa_ossl.c.
- CVE-2018-0734
-- Marc Deslauriers <email address hidden> Tue, 04 Dec 2018 10:58:01 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu6.1) cosmic-security; urgency=medium
* SECURITY UPDATE: PortSmash side channel attack
- debian/patches/CVE-2018-5407.patch: fix timing vulnerability in
crypto/bn/bn_lib.c, crypto/ec/ec_mult.c.
- CVE-2018-5407
* SECURITY UPDATE: timing side channel attack in DSA
- debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in
crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-2.patch: fix mod inverse in
crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
crypto/dsa/dsa_ossl.c.
- CVE-2018-0734
-- Marc Deslauriers <email address hidden> Tue, 04 Dec 2018 10:55:32 -0500
Available diffs
| Deleted in disco-release (Reason: no longer needed doublet of openssl; LP: #1802569) |
| Deleted in disco-proposed (Reason: moved to release) |
openssl1.0 (1.0.2n-1ubuntu7) disco; urgency=medium
* SECURITY UPDATE: PortSmash side channel attack
- debian/patches/CVE-2018-5407.patch: fix timing vulnerability in
crypto/bn/bn_lib.c, crypto/ec/ec_mult.c.
- CVE-2018-5407
* SECURITY UPDATE: timing side channel attack in DSA
- debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in
crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-2.patch: fix mod inverse in
crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
crypto/dsa/dsa_ossl.c.
- CVE-2018-0734
-- Marc Deslauriers <email address hidden> Tue, 04 Dec 2018 10:55:32 -0500
Available diffs
openssl1.0 (1.0.2n-1ubuntu5.1) bionic-security; urgency=medium
* SECURITY UPDATE: ECDSA key extraction side channel
- debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
- CVE-2018-0495
* SECURITY UPDATE: denial of service via long prime values
- debian/patches/CVE-2018-0732.patch: reject excessively large primes
in DH key generation in crypto/dh/dh_key.c.
- CVE-2018-0732
* SECURITY UPDATE: RSA cache timing side channel attack
- debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
crypto/rsa/rsa_gen.c.
- CVE-2018-0737
-- Marc Deslauriers <email address hidden> Wed, 20 Jun 2018 08:00:56 -0400
Available diffs
| Superseded in disco-release |
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
openssl1.0 (1.0.2n-1ubuntu6) cosmic; urgency=medium
* SECURITY UPDATE: ECDSA key extraction side channel
- debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
- CVE-2018-0495
* SECURITY UPDATE: denial of service via long prime values
- debian/patches/CVE-2018-0732.patch: reject excessively large primes
in DH key generation in crypto/dh/dh_key.c.
- CVE-2018-0732
* SECURITY UPDATE: RSA cache timing side channel attack
- debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
crypto/rsa/rsa_gen.c.
- CVE-2018-0737
-- Marc Deslauriers <email address hidden> Wed, 20 Jun 2018 07:59:27 -0400
Available diffs
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
openssl1.0 (1.0.2n-1ubuntu5) bionic; urgency=medium
* SECURITY UPDATE: DoS via ASN.1 types with a recursive definition
- debian/patches/CVE-2018-0739.patch: limit stack depth in
crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c.
- CVE-2018-0739
-- Marc Deslauriers <email address hidden> Tue, 27 Mar 2018 13:48:57 -0400
Available diffs
openssl1.0 (1.0.2n-1ubuntu4) bionic; urgency=medium
* s390x: Add support for CPACF enhancements to openssl, for IBM z14. LP:
#1743750
-- Dimitri John Ledkov <email address hidden> Wed, 28 Feb 2018 14:52:10 +0000
Available diffs
- diff from 1.0.2n-1ubuntu3 to 1.0.2n-1ubuntu4 (10.0 KiB)
openssl1.0 (1.0.2n-1ubuntu3) bionic; urgency=medium * Create openssl1.0 package which ships 1.0 variant of utilities. LP: #1747447 * Move libraries back from /lib to /usr/lib, as otherwise d-i helpfully deletes "duplicate" soname libraries, and thus breaking network-console. LP: #1749442 -- Dimitri John Ledkov <email address hidden> Wed, 14 Feb 2018 15:40:29 +0000
Available diffs
| Superseded in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
| Superseded in bionic-proposed |
openssl1.0 (1.0.2n-1ubuntu2) bionic; urgency=medium
* Change package name to openssl1.0
* Drop openssl, libssl-dev, libssl-doc packages, and stop adding
symlinks for them.
* Mark libssl1.0-dev to conflict with libssl-dev.
* Correct soname in debian/libssl1.0.0-udeb.lintian-overrides and
debian/libssl1.0.0.lintian-overrides.
-- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 11:35:03 +0000
openssl1.0 (1.0.2j-4) unstable; urgency=medium * Re-add udebs -- Kurt Roeckx <email address hidden> Sun, 06 Nov 2016 12:07:19 +0100
Available diffs
- diff from 1.0.2j-3 to 1.0.2j-4 (1.3 KiB)
openssl1.0 (1.0.2j-3) unstable; urgency=medium * Upload to unstable -- Kurt Roeckx <email address hidden> Tue, 01 Nov 2016 22:05:22 +0100
| 1 → 24 of 24 results | First • Previous • Next • Last |
