~ubuntu-branches/ubuntu/dapper/openssl/dapper-proposed

Viewing all changes in revision 13.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-06-11 10:31:47 UTC
  • Revision ID: james.westby@ubuntu.com-20090611103147-7cj2eulz93w8kom8
Tags: 0.9.8a-7ubuntu0.9
* SECURITY UPDATE: denial of service via memory consumption from large
  number of future epoch DTLS records.
  - crypto/pqueue.*: add new pqueue_size counter function.
  - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
  - http://cvs.openssl.org/chngview?cn=18187
  - CVE-2009-1377
* SECURITY UPDATE: denial of service via memory consumption from
  duplicate or invalid sequence numbers in DTLS records.
  - ssl/d1_both.c: discard message if it's a duplicate or too far in the
    future.
  - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
  - CVE-2009-1378
* SECURITY UPDATE: denial of service or other impact via use-after-free
  in dtls1_retrieve_buffered_fragment.
  - ssl/d1_both.c: use temp frag_len instead of freed frag.
  - http://rt.openssl.org/Ticket/Display.html?id=1923
  - CVE-2009-1379
* SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
  that occurs before ClientHello.
  - ssl/s3_pkt.c: abort if s->session is NULL.
  - ssl/{ssl.h,ssl_err.c}: add new error codes.
  - http://cvs.openssl.org/chngview?cn=17369
  - CVE-2009-1386
* SECURITY UPDATE: denial of service via an out-of-sequence DTLS
  handshake message.
  - ssl/d1_both.c: don't buffer fragments with no data.
  - http://cvs.openssl.org/chngview?cn=17958
  - CVE-2009-1387

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: