-
openssl (1.0.1f-1ubuntu2.27) trusty-security; urgency=medium
* SECURITY UPDATE: PortSmash side channel attack
- debian/patches/CVE-2018-5407.patch: fix timing vulnerability in
crypto/bn/bn_lib.c, crypto/ec/ec_mult.c.
- CVE-2018-5407
* SECURITY UPDATE: timing side channel attack in DSA
- debian/patches/CVE-2018-0734-pre1.patch: address a timing side
channel in crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-1.patch: fix timing vulnerability in
crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-2.patch: fix mod inverse in
crypto/dsa/dsa_ossl.c.
- debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
crypto/dsa/dsa_ossl.c.
- CVE-2018-0734
-- Marc Deslauriers <email address hidden> Tue, 04 Dec 2018 10:36:19 -0500
-
openssl (1.0.1f-1ubuntu2.26) trusty-security; urgency=medium
* SECURITY UPDATE: ECDSA key extraction side channel
- debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
- CVE-2018-0495
* SECURITY UPDATE: denial of service via long prime values
- debian/patches/CVE-2018-0732.patch: reject excessively large primes
in DH key generation in crypto/dh/dh_key.c.
- CVE-2018-0732
* SECURITY UPDATE: RSA cache timing side channel attack
(previous update was incomplete)
- debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
crypto/rsa/rsa_gen.c.
- debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
crypto/rsa/rsa_gen.c.
- CVE-2018-0737
-- Marc Deslauriers <email address hidden> Wed, 20 Jun 2018 07:57:40 -0400
-
openssl (1.0.1f-1ubuntu2.25) trusty-security; urgency=medium
* SECURITY UPDATE: Cache timing side channel
- debian/patches/CVE-2018-0737.patch: ensure BN_mod_inverse
and BN_mod_exp_mont get called with BN_FLG_CONSTTIME flag set
in crypto/rsa/rsa_gen.c.
- CVE-2018-0737
-- <email address hidden> (Leonidas S. Barbosa) Wed, 18 Apr 2018 14:54:20 -0300
-
openssl (1.0.1f-1ubuntu2.24) trusty-security; urgency=medium
* SECURITY UPDATE: DoS via ASN.1 types with a recursive definition
- debian/patches/CVE-2018-0739.patch: limit stack depth in
crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/tasn_dec.c.
- CVE-2018-0739
-- Marc Deslauriers <email address hidden> Tue, 27 Mar 2018 14:31:59 -0400
-
openssl (1.0.1f-1ubuntu2.23) trusty-security; urgency=medium
* SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read
- debian/patches/CVE-2017-3735.patch: avoid out-of-bounds read in
crypto/x509v3/v3_addr.c.
- CVE-2017-3735
-- Marc Deslauriers <email address hidden> Thu, 02 Nov 2017 11:30:53 -0400
-
openssl (1.0.1f-1ubuntu2.22) trusty-security; urgency=medium
* SECURITY UPDATE: Pointer arithmetic undefined behaviour
- debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
overruns in ssl/s3_srvr.c.
- debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
extension field length in ssl/t1_lib.c.
- debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
- debian/patches/CVE-2016-2177.patch: avoid undefined pointer
arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
- CVE-2016-2177
* SECURITY UPDATE: ECDSA P-256 timing attack key recovery
- debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
crypto/ecdsa/ecs_ossl.c.
- CVE-2016-7056
* SECURITY UPDATE: DoS via warning alerts
- debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
ssl/ssl_locl.h.
- debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
type is received in ssl/s3_pkt.c.
- CVE-2016-8610
* SECURITY UPDATE: Truncated packet could crash via OOB read
- debian/patches/CVE-2017-3731-pre.patch: sanity check
EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
crypto/evp/evp.h, ssl/t1_enc.c.
- debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
crypto/evp/e_rc4_hmac_md5.c.
- CVE-2017-3731
-- Marc Deslauriers <email address hidden> Mon, 30 Jan 2017 11:38:06 -0500
-
openssl (1.0.1f-1ubuntu2.21) trusty-security; urgency=medium
* SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883)
- debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow
check in crypto/bn/bn_print.c.
-- Marc Deslauriers <email address hidden> Fri, 23 Sep 2016 07:57:00 -0400
-
openssl (1.0.1f-1ubuntu2.20) trusty-security; urgency=medium
* SECURITY UPDATE: Constant time flag not preserved in DSA signing
- debian/patches/CVE-2016-2178-*.patch: preserve BN_FLG_CONSTTIME in
crypto/dsa/dsa_ossl.c.
- CVE-2016-2178
* SECURITY UPDATE: DTLS buffered message DoS
- debian/patches/CVE-2016-2179.patch: fix queue handling in
ssl/d1_both.c, ssl/d1_clnt.c, ssl/d1_lib.c, ssl/d1_srvr.c,
ssl/ssl_locl.h.
- CVE-2016-2179
* SECURITY UPDATE: OOB read in TS_OBJ_print_bio()
- debian/patches/CVE-2016-2180.patch: fix text handling in
crypto/ts/ts_lib.c.
- CVE-2016-2180
* SECURITY UPDATE: DTLS replay protection DoS
- debian/patches/CVE-2016-2181-1.patch: properly handle unprocessed
records in ssl/d1_pkt.c.
- debian/patches/CVE-2016-2181-2.patch: protect against replay attacks
in ssl/d1_pkt.c, ssl/ssl.h, ssl/ssl_err.c.
- debian/patches/CVE-2016-2181-3.patch: update error code in ssl/ssl.h.
- CVE-2016-2181
* SECURITY UPDATE: OOB write in BN_bn2dec()
- debian/patches/CVE-2016-2182.patch: don't overflow buffer in
crypto/bn/bn_print.c.
- CVE-2016-2182
* SECURITY UPDATE: SWEET32 Mitigation
- debian/patches/CVE-2016-2183.patch: move DES ciphersuites from HIGH
to MEDIUM in ssl/s3_lib.c.
- CVE-2016-2183
* SECURITY UPDATE: Malformed SHA512 ticket DoS
- debian/patches/CVE-2016-6302.patch: sanity check ticket length in
ssl/t1_lib.c.
- CVE-2016-6302
* SECURITY UPDATE: OOB write in MDC2_Update()
- debian/patches/CVE-2016-6303.patch: avoid overflow in
crypto/mdc2/mdc2dgst.c.
- CVE-2016-6303
* SECURITY UPDATE: OCSP Status Request extension unbounded memory growth
- debian/patches/CVE-2016-6304.patch: remove OCSP_RESPIDs from previous
handshake in ssl/t1_lib.c.
- CVE-2016-6304
* SECURITY UPDATE: Certificate message OOB reads
- debian/patches/CVE-2016-6306-1.patch: check lengths in ssl/s3_clnt.c,
ssl/s3_srvr.c.
- debian/patches/CVE-2016-6306-2.patch: make message buffer slightly
larger in ssl/d1_both.c, ssl/s3_both.c.
- CVE-2016-6306
* SECURITY REGRESSION: DTLS regression (LP: #1622500)
- debian/patches/CVE-2014-3571-3.patch: make DTLS always act as if
read_ahead is set in ssl/s3_pkt.c.
* debian/patches/update-expired-smime-test-certs.patch: Update test
certificates that have expired and caused build test failures.
-- Marc Deslauriers <email address hidden> Thu, 22 Sep 2016 13:38:15 -0400
-
openssl (1.0.1f-1ubuntu2.19) trusty-security; urgency=medium
* SECURITY UPDATE: EVP_EncodeUpdate overflow
- debian/patches/CVE-2016-2105.patch: properly check lengths in
crypto/evp/encode.c, add documentation to
doc/crypto/EVP_EncodeInit.pod, doc/crypto/evp.pod.
- CVE-2016-2105
* SECURITY UPDATE: EVP_EncryptUpdate overflow
- debian/patches/CVE-2016-2106.patch: fix overflow in
crypto/evp/evp_enc.c.
- CVE-2016-2106
* SECURITY UPDATE: Padding oracle in AES-NI CBC MAC check
- debian/patches/CVE-2016-2107.patch: check that there are enough
padding characters in crypto/evp/e_aes_cbc_hmac_sha1.c.
- CVE-2016-2107
* SECURITY UPDATE: Memory corruption in the ASN.1 encoder
- debian/patches/CVE-2016-2108-1.patch: don't mishandle zero if it is
marked as negative in crypto/asn1/a_int.c.
- debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in
crypto/asn1/a_type.c, crypto/asn1/asn1.h, crypto/asn1/tasn_dec.c,
crypto/asn1/tasn_enc.c.
- CVE-2016-2108
* SECURITY UPDATE: ASN.1 BIO excessive memory allocation
- debian/patches/CVE-2016-2109.patch: properly handle large amounts of
data in crypto/asn1/a_d2i_fp.c.
- CVE-2016-2109
* debian/patches/min_1024_dh_size.patch: change minimum DH size from 768
to 1024.
-- Marc Deslauriers <email address hidden> Thu, 28 Apr 2016 11:22:20 -0400
-
openssl (1.0.1f-1ubuntu2.18) trusty-security; urgency=medium
* SECURITY UPDATE: side channel attack on modular exponentiation
- debian/patches/CVE-2016-0702.patch: use constant-time calculations in
crypto/bn/asm/x86_64-mont5.pl, crypto/bn/bn_exp.c,
crypto/perlasm/x86_64-xlate.pl, crypto/constant_time_locl.h.
- CVE-2016-0702
* SECURITY UPDATE: double-free in DSA code
- debian/patches/CVE-2016-0705.patch: fix double-free in
crypto/dsa/dsa_ameth.c.
- CVE-2016-0705
* SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- debian/patches/CVE-2016-0797.patch: prevent overflow in
crypto/bn/bn_print.c, crypto/bn/bn.h.
- CVE-2016-0797
* SECURITY UPDATE: memory leak in SRP database lookups
- debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and
introduce new SRP_VBASE_get1_by_user function that handled seed
properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c,
util/libeay.num, openssl.ld.
- CVE-2016-0798
* SECURITY UPDATE: memory issues in BIO_*printf functions
- debian/patches/CVE-2016-0799.patch: prevent overflow in
crypto/bio/b_print.c.
- CVE-2016-0799
* debian/patches/preserve_digests_for_sni.patch: preserve negotiated
digests for SNI when SSL_set_SSL_CTX is called in ssl/ssl_lib.c.
(LP: #1550643)
-- Marc Deslauriers <email address hidden> Mon, 29 Feb 2016 07:56:15 -0500
-
openssl (1.0.1f-1ubuntu2.17) trusty-security; urgency=medium
* debian/patches/alt-cert-chains-*.patch: backport series of upstream
commits to add alternate chains support. This will allow the future
removal of 1024-bit RSA keys from the ca-certificates package.
-- Marc Deslauriers <email address hidden> Fri, 05 Feb 2016 16:14:26 -0500
-
openssl (1.0.1f-1ubuntu2.16) trusty-security; urgency=medium
* SECURITY UPDATE: Certificate verify crash with missing PSS parameter
- debian/patches/CVE-2015-3194.patch: add PSS parameter check to
crypto/rsa/rsa_ameth.c.
- CVE-2015-3194
* SECURITY UPDATE: X509_ATTRIBUTE memory leak
- debian/patches/CVE-2015-3195.patch: fix leak in
crypto/asn1/tasn_dec.c.
- CVE-2015-3195
* SECURITY UPDATE: Race condition handling PSK identify hint
- debian/patches/CVE-2015-3196.patch: fix PSK handling in
ssl/s3_clnt.c, ssl/s3_srvr.c.
- CVE-2015-3196
-- Marc Deslauriers <email address hidden> Fri, 04 Dec 2015 08:20:52 -0500
-
openssl (1.0.1f-1ubuntu2.15) trusty-security; urgency=medium
* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
- debian/patches/reject_small_dh.patch: reject small dh keys in
ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod.
* SECURITY UPDATE: denial of service and possible code execution via
invalid free in DTLS
- debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
- CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
- debian/patches/CVE-2015-1788.patch: improve logic in
crypto/bn/bn_gf2m.c.
- CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
X509_cmp_time
- debian/patches/CVE-2015-1789.patch: properly parse time format in
crypto/x509/x509_vfy.c.
- CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
- debian/patches/CVE-2015-1790.patch: handle NULL data_body in
crypto/pkcs7/pk7_doit.c.
- CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
- debian/patches/CVE-2015-1791.patch: create a new session in
ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
ssl/ssl_sess.c.
- debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
ssl/ssl_sess.c.
- debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
ssl/ssl_sess.c.
- CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
- debian/patches/CVE-2015-1792.patch: fix infinite loop in
crypto/cms/cms_smime.c.
- CVE-2015-1792
-- Marc Deslauriers <email address hidden> Thu, 11 Jun 2015 07:34:23 -0400
-
openssl (1.0.1f-1ubuntu2.12) trusty-security; urgency=medium
* SECURITY IMPROVEMENT: Disable EXPORT ciphers by default
- debian/patches/disable_export_ciphers.patch: remove export ciphers
from the DEFAULT cipher list in ssl/ssl.h, ssl/ssl_ciph.c,
doc/apps/ciphers.pod.
-- Marc Deslauriers <email address hidden> Thu, 28 May 2015 08:58:02 -0400
-
openssl (1.0.1f-1ubuntu2.11) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service and possible memory corruption via
malformed EC private key
- debian/patches/CVE-2015-0209.patch: fix use after free in
crypto/ec/ec_asn1.c.
- debian/patches/CVE-2015-0209-2.patch: fix a failure to NULL a pointer
freed on error in crypto/asn1/x_x509.c, crypto/ec/ec_asn1.c.
- CVE-2015-0209
* SECURITY UPDATE: denial of service via cert verification
- debian/patches/CVE-2015-0286.patch: handle boolean types in
crypto/asn1/a_type.c.
- CVE-2015-0286
* SECURITY UPDATE: ASN.1 structure reuse memory corruption
- debian/patches/CVE-2015-0287.patch: free up structures in
crypto/asn1/tasn_dec.c.
- CVE-2015-0287
* SECURITY UPDATE: denial of service via invalid certificate key
- debian/patches/CVE-2015-0288.patch: check public key isn't NULL in
crypto/x509/x509_req.c.
- CVE-2015-0288
* SECURITY UPDATE: denial of service and possible code execution via
PKCS#7 parsing
- debian/patches/CVE-2015-0289.patch: handle missing content in
crypto/pkcs7/pk7_doit.c, crypto/pkcs7/pk7_lib.c.
- CVE-2015-0289
* SECURITY UPDATE: denial of service or memory corruption via base64
decoding
- debian/patches/CVE-2015-0292.patch: prevent underflow in
crypto/evp/encode.c.
- CVE-2015-0292
* SECURITY UPDATE: denial of service via assert in SSLv2 servers
- debian/patches/CVE-2015-0293.patch: check key lengths in
ssl/s2_lib.c, ssl/s2_srvr.c.
- debian/patches/CVE-2015-0293-2.patch: fix unsigned/signed warnings in
ssl/s2_srvr.c.
- CVE-2015-0293
-- Marc Deslauriers <email address hidden> Thu, 19 Mar 2015 10:04:30 -0400
-
openssl (1.0.1f-1ubuntu2.8) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via unexpected handshake when
no-ssl3 build option is used (not the default)
- debian/patches/CVE-2014-3569.patch: keep the old method for now in
ssl/s23_srvr.c.
- CVE-2014-3569
* SECURITY UPDATE: bignum squaring may produce incorrect results
- debian/patches/CVE-2014-3570.patch: fix bignum logic in
crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c,
crypto/bn/bn_asm.c, removed crypto/bn/asm/mips3.s, added test to
crypto/bn/bntest.c.
- CVE-2014-3570
* SECURITY UPDATE: DTLS segmentation fault in dtls1_get_record
- debian/patches/CVE-2014-3571-1.patch: fix crash in ssl/d1_pkt.c,
ssl/s3_pkt.c.
- debian/patches/CVE-2014-3571-2.patch: make code more obvious in
ssl/d1_pkt.c.
- CVE-2014-3571
* SECURITY UPDATE: ECDHE silently downgrades to ECDH [Client]
- debian/patches/CVE-2014-3572.patch: don't skip server key exchange in
ssl/s3_clnt.c.
- CVE-2014-3572
* SECURITY UPDATE: certificate fingerprints can be modified
- debian/patches/CVE-2014-8275.patch: fix various fingerprint issues in
crypto/asn1/a_bitstr.c, crypto/asn1/a_type.c, crypto/asn1/a_verify.c,
crypto/asn1/asn1.h, crypto/asn1/asn1_err.c, crypto/asn1/x_algor.c,
crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, crypto/x509/x509.h,
crypto/x509/x_all.c.
- CVE-2014-8275
* SECURITY UPDATE: RSA silently downgrades to EXPORT_RSA [Client]
- debian/patches/CVE-2015-0204.patch: only allow ephemeral RSA keys in
export ciphersuites in ssl/d1_srvr.c, ssl/s3_clnt.c, ssl/s3_srvr.c,
ssl/ssl.h, adjust documentation in doc/ssl/SSL_CTX_set_options.pod,
doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod.
- CVE-2015-0204
* SECURITY UPDATE: DH client certificates accepted without verification
- debian/patches/CVE-2015-0205.patch: prevent use of DH client
certificates without sending certificate verify message in
ssl/s3_srvr.c.
- CVE-2015-0205
* SECURITY UPDATE: DTLS memory leak in dtls1_buffer_record
- debian/patches/CVE-2015-0206.patch: properly handle failures in
ssl/d1_pkt.c.
- CVE-2015-0206
-- Marc Deslauriers <email address hidden> Fri, 09 Jan 2015 09:57:48 -0500
-
openssl (1.0.1f-1ubuntu2.7) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via DTLS SRTP memory leak
- debian/patches/CVE-2014-3513.patch: fix logic in ssl/d1_srtp.c,
ssl/srtp.h, ssl/t1_lib.c, util/mk1mf.pl, util/mkdef.pl,
util/ssleay.num.
- CVE-2014-3513
* SECURITY UPDATE: denial of service via session ticket integrity check
memory leak
- debian/patches/CVE-2014-3567.patch: perform cleanup in ssl/t1_lib.c.
- CVE-2014-3567
* SECURITY UPDATE: fix the no-ssl3 build option
- debian/patches/CVE-2014-3568.patch: fix conditional code in
ssl/s23_clnt.c, ssl/s23_srvr.c.
- CVE-2014-3568
* SECURITY IMPROVEMENT: Added TLS_FALLBACK_SCSV support to mitigate a
protocol downgrade attack to SSLv3 that exposes the POODLE attack.
- debian/patches/tls_fallback_scsv_support.patch: added support for
TLS_FALLBACK_SCSV in apps/s_client.c, crypto/err/openssl.ec,
ssl/d1_lib.c, ssl/dtls1.h, ssl/s23_clnt.c, ssl/s23_srvr.c,
ssl/s2_lib.c, ssl/s3_enc.c, ssl/s3_lib.c, ssl/ssl.h, ssl/ssl3.h,
ssl/ssl_err.c, ssl/ssl_lib.c, ssl/t1_enc.c, ssl/tls1.h,
doc/apps/s_client.pod, doc/ssl/SSL_CTX_set_mode.pod.
-- Marc Deslauriers <email address hidden> Wed, 15 Oct 2014 12:56:03 -0400
-
openssl (1.0.1f-1ubuntu2.5) trusty-security; urgency=medium
* SECURITY UPDATE: double free when processing DTLS packets
- debian/patches/CVE-2014-3505.patch: fix double free in ssl/d1_both.c.
- CVE-2014-3505
* SECURITY UPDATE: DTLS memory exhaustion
- debian/patches/CVE-2014-3506.patch: fix DTLS handshake message size
checks in ssl/d1_both.c.
- CVE-2014-3506
* SECURITY UPDATE: DTLS memory leak from zero-length fragments
- debian/patches/CVE-2014-3507.patch: fix memory leak and return codes
in ssl/d1_both.c.
- CVE-2014-3507
* SECURITY UPDATE: information leak in pretty printing functions
- debian/patches/CVE-2014-3508.patch: fix OID handling in
crypto/asn1/a_object.c, crypto/objects/obj_dat.c.
- CVE-2014-3508
* SECURITY UPDATE: race condition in ssl_parse_serverhello_tlsext
- debian/patches/CVE-2014-3509.patch: fix race in ssl/t1_lib.c.
- CVE-2014-3509
* SECURITY UPDATE: DTLS anonymous EC(DH) denial of service
- debian/patches/CVE-2014-3510.patch: check for server certs in
ssl/d1_clnt.c, ssl/s3_clnt.c.
- CVE-2014-3510
* SECURITY UPDATE: TLS protocol downgrade attack
- debian/patches/CVE-2014-3511.patch: properly handle fragments in
ssl/s23_srvr.c.
- CVE-2014-3511
* SECURITY UPDATE: SRP buffer overrun
- debian/patches/CVE-2014-3512.patch: check parameters in
crypto/srp/srp_lib.c.
- CVE-2014-3512
* SECURITY UPDATE: crash with SRP ciphersuite in Server Hello message
- debian/patches/CVE-2014-5139.patch: fix SRP authentication and make
sure ciphersuite is set up correctly in ssl/s3_clnt.c, ssl/ssl_lib.c,
ssl/s3_lib.c, ssl/ssl.h, ssl/ssl_ciph.c, ssl/ssl_locl.h.
- CVE-2014-5139
-- Marc Deslauriers <email address hidden> Thu, 07 Aug 2014 08:03:21 -0400
-
openssl (1.0.1f-1ubuntu2.4) trusty-security; urgency=medium
* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
- debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
sending finished ssl/s3_clnt.c.
-- Marc Deslauriers <email address hidden> Fri, 20 Jun 2014 13:55:11 -0400
-
openssl (1.0.1f-1ubuntu2.3) trusty-security; urgency=medium
* SECURITY UPDATE: regression with tls_session_secret_cb (LP: #1329297)
- debian/patches/CVE-2014-0224.patch: set the CCS_OK flag when using
tls_session_secret_cb for session resumption in ssl/s3_clnt.c.
-- Marc Deslauriers <email address hidden> Thu, 12 Jun 2014 08:29:16 -0400
-
openssl (1.0.1f-1ubuntu2.2) trusty-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
- debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
fragments in ssl/d1_both.c.
- CVE-2014-0195
* SECURITY UPDATE: denial of service via DTLS recursion flaw
- debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
recursion in ssl/d1_both.c.
- CVE-2014-0221
* SECURITY UPDATE: MITM via change cipher spec
- debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
ssl/ssl3.h.
- debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
secrets in ssl/s3_pkt.c.
- debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
ssl/s3_clnt.c.
- CVE-2014-0224
* SECURITY UPDATE: denial of service via ECDH null session cert
- debian/patches/CVE-2014-3470.patch: check session_cert is not NULL
before dereferencing it in ssl/s3_clnt.c.
- CVE-2014-3470
-- Marc Deslauriers <email address hidden> Mon, 02 Jun 2014 13:57:34 -0400
-
openssl (1.0.1f-1ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via use after free
- debian/patches/CVE-2010-5298.patch: check s->s3->rbuf.left before
releasing buffers in ssl/s3_pkt.c.
- CVE-2010-5298
* SECURITY UPDATE: denial of service via null pointer dereference
- debian/patches/CVE-2014-0198.patch: if buffer was released, get a new
one in ssl/s3_pkt.c.
- CVE-2014-0198
-- Marc Deslauriers <email address hidden> Fri, 02 May 2014 15:23:01 -0400
-
openssl (1.0.1f-1ubuntu2) trusty; urgency=medium
* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
- debian/patches/CVE-2014-0076.patch: add and use constant time swap in
crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
util/libeay.num.
- CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
- debian/patches/CVE-2014-0160.patch: use correct lengths in
ssl/d1_both.c, ssl/t1_lib.c.
- CVE-2014-0160
-- Marc Deslauriers <email address hidden> Mon, 07 Apr 2014 15:37:53 -0400
-
openssl (1.0.1f-1ubuntu1) trusty; urgency=low
* Merge with Debian, remaining changes.
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i586 (on i386)
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
- debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
code.
- debian/rules: Enable optimized 64bit elliptic curve code contributed
by Google.
* Dropped changes:
- debian/patches/arm64-support: included in debian-targets.patch
- debian/patches/no_default_rdrand.patch: upstream
- debian/patches/openssl-1.0.1e-env-zlib.patch: zlib is now completely
disabled in debian/rules
openssl (1.0.1f-1) unstable; urgency=high
* New upstream version
- Fix for TLS record tampering bug CVE-2013-4353
- Drop the snapshot patch
* update watch file to check for upstream signature and add upstream pgp key.
* Drop conflicts against openssh since we now on a released version again.
openssl (1.0.1e-6) unstable; urgency=medium
* Add Breaks: openssh-client (<< 1:6.4p1-1.1), openssh-server (<<
1:6.4p1-1.1). This is to prevent people running into #732940.
This Breaks can be removed again when we stop using a git snapshot.
openssl (1.0.1e-5) unstable; urgency=low
* Change default digest to SHA256 instead of SHA1. (Closes: #694738)
* Drop support for multiple certificates in 1 file. It never worked
properly in the first place, and the only one shipping in
ca-certificates has been split.
* Fix libdoc-manpgs-pod-spell.patch to only fix spalling errors
* Remove make-targets.patch. It prevented the test dir from being cleaned.
* Update to a git snapshot of the OpenSSL_1_0_1-stable branch.
- Fixes CVE-2013-6449 (Closes: #732754)
- Fixes CVE-2013-6450
- Drop patches ssltest_no_sslv2.patch cpuid.patch aesni-mac.patch
dtls_version.patch get_certificate.patch, since they where all
already commited upstream.
- adjust fix-pod-errors.patch for the reordering of items in the
documentation they've done trying to fix those pod errors.
- disable rdrand engine by default (Closes: #732710)
* disable zlib support. Fixes CVE-2012-4929 (Closes: #728055)
* Add arm64 support (Closes: #732348)
* Properly use the default number of bits in req when none are given
-- Marc Deslauriers <email address hidden> Wed, 08 Jan 2014 15:57:24 -0500
-
openssl (1.0.1e-4ubuntu4) trusty; urgency=low
* debian/patches/no_default_rdrand.patch: Don't use rdrand engine as
default unless explicitly requested.
-- Marc Deslauriers <email address hidden> Thu, 19 Dec 2013 15:39:22 -0500
-
openssl (1.0.1e-4ubuntu3) trusty; urgency=medium
* Update debian configuration.
-- Matthias Klose <email address hidden> Thu, 05 Dec 2013 14:34:48 +0100
-
openssl (1.0.1e-4ubuntu2) trusty; urgency=low
* Re-enable full TLSv1.2 support (LP: #1257877)
- debian/patches/tls12_workarounds.patch: disable patch to re-enable
full TLSv1.2 support. Most problematic sites have been fixed now, and
we really want proper TLSv1.2 support in an LTS.
-- Marc Deslauriers <email address hidden> Wed, 04 Dec 2013 12:33:44 -0500
-
openssl (1.0.1e-4ubuntu1) trusty; urgency=low
* Merge with Debian; remaining changes same as in 1.0.1e-3ubuntu1.
openssl (1.0.1e-4) unstable; urgency=low
[ Peter Michael Green ]
* Fix pod errors (Closes: #723954)
* Fix clean target
[ Kurt Roeckx ]
* Add mipsn32 and mips64 targets. Patch from Eleanor Chen
<email address hidden> (Closes: #720654)
* Add support for nocheck in DEB_BUILD_OPTIONS
* Update Norwegian translation (Closes: #653574)
* Update description of the packages. Patch by Justin B Rye
(Closes: #719262)
* change to debhelper compat level 9:
- change dh_strip call so only the files from libssl1.0.0 get debug
symbols.
- change dh_makeshlibs call so the engines don't get added to the
shlibs
* Update Standards-Version from 3.8.0 to 3.9.5. No changes required.
-- Matthias Klose <email address hidden> Wed, 04 Dec 2013 11:28:00 +0100
-
openssl (1.0.1e-3ubuntu1) saucy; urgency=low
* Merge with Debian, remaining changes.
- debian/libssl1.0.0.postinst:
+ Display a system restart required notification on libssl1.0.0
upgrade on servers.
+ Use a different priority for libssl1.0.0/restart-services depending
on whether a desktop, or server dist-upgrade is being performed.
- debian/{libssl1.0.0-udeb.dirs, control, rules}: Create
libssl1.0.0-udeb, for the benefit of wget-udeb (no wget-udeb package
in Debian).
- debian/{libcrypto1.0.0-udeb.dirs, libssl1.0.0.dirs, libssl1.0.0.files,
rules}: Move runtime libraries to /lib, for the benefit of
wpasupplicant.
- debian/patches/perlpath-quilt.patch: Don't change perl #! paths under
.pc.
- debian/rules:
+ Don't run 'make test' when cross-building.
+ Use host compiler when cross-building. Patch from Neil Williams.
+ Don't build for processors no longer supported: i586 (on i386)
+ Fix Makefile to properly clean up libs/ dirs in clean target.
+ Replace duplicate files in the doc directory with symlinks.
- Unapply patch c_rehash-multi and comment it out in the series as it
breaks parsing of certificates with CRLF line endings and other cases
(see Debian #642314 for discussion), it also changes the semantics of
c_rehash directories by requiring applications to parse hash link
targets as files containing potentially *multiple* certificates rather
than exactly one.
- debian/patches/tls12_workarounds.patch: Workaround large client hello
issues when TLS 1.1 and lower is in use
- debian/control: Mark Debian Vcs-* as XS-Debian-Vcs-*
- debian/patches/ubuntu_deb676533_arm_asm.patch: Enable arm assembly
code.
- debian/patches/arm64-support: Add basic arm64 support (no assembler)
- debian/rules: Enable optimized 64bit elliptic curve code contributed
by Google.
* debian/patches/tls12_workarounds.patch: updated to also disable TLS 1.2
in test suite since we disable it in the client.
* Disable compression to avoid CRIME systemwide (CVE-2012-4929).
* Dropped changes:
- debian/patches/ubuntu_deb676533_arm_asm.patch, applied in Debian.
openssl (1.0.1e-3) unstable; urgency=low
* Move <openssl/opensslconf.h> to /usr/include/$(DEB_HOST_MULTIARCH), and
mark libssl-dev Multi-Arch: same.
Patch by Colin Watson <email address hidden> (Closes: #689093)
* Add Polish translation (Closes: #658162)
* Add Turkish translation (Closes: #660971)
* Enable assembler for the arm targets, and remove armeb.
Patch by Riku Voipio <email address hidden> (Closes: #676533)
* Add support for x32 (Closes: #698406)
* enable ec_nistp_64_gcc_128 on *-amd64 (Closes: #698447)
-- Matthias Klose <email address hidden> Mon, 15 Jul 2013 14:07:52 +0200
