~ubuntu-branches/ubuntu/hardy/openssl/hardy-security : changes

~ubuntu-branches/ubuntu/hardy/openssl/hardy-security » Changes from revision 37

From Revision 31 to 12

Rev	Summary	Authors	Tags	Date
31	* SECURITY UPDATE: TLS race condition leading to a buffer ov... * SECURITY UPDATE: TLS race condition leading to a buffer overflow and possible code execution. (LP: #676243) - ssl/t1_lib.c: stricter NULL/not-NULL checking - http://openssl.org/news/secadv_20101116.txt - CVE-2010-3864	Steve Beattie	0.9.8g-4ubuntu3.12	14 years ago
30	* SECURITY UPDATE: denial of service and possible code execu... * SECURITY UPDATE: denial of service and possible code execution via unchecked bn_wexpand return values. (LP: #655884) - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c, engines/e_ubsec.c: check return values. - http://cvs.openssl.org/chngview?cn=18936 - http://cvs.openssl.org/chngview?cn=19309 - CVE-2009-3245 * SECURITY UPDATE: denial of service and possible code execution via crafted private key with an invalid prime. - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it. - http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html - CVE-2010-2939	Marc Deslauriers	0.9.8g-4ubuntu3.11	14 years ago
29	* SECURITY UPDATE: TLS renegotiation flaw (LP: #616759) * SECURITY UPDATE: TLS renegotiation flaw (LP: #616759) - apps/{s_cb,s_client,s_server}.c, doc/ssl/SSL_CTX_set_options.pod, ssl/{d1_both,d1_clnt,d1_srvr,s3_both,s3_clnt,s3_pkt,s3_srvr,ssl_err, ssl_lib,t1_lib,t1_reneg}.c, ssl/Makefile, ssl/{ssl3,ssl,ssl_locl, tls1}.h: backport rfc5746 support from openssl 0.9.8m. - CVE-2009-3555 * Enable tlsext, and backport some patches from jaunty now that tlsext is enabled. - Fix a problem with tlsext preventing firefox 3 from connection. - Don't add extentions to ssl v3 connections. It breaks with some other software.	Marc Deslauriers	0.9.8g-4ubuntu3.10	14 years ago
28	* SECURITY UPDATE: memory leak possible during state clean-u... * SECURITY UPDATE: memory leak possible during state clean-up. - crypto/comp/c_zlib.c: upstream fixes applied inline. - CVE-2009-4355	Kees Cook	0.9.8g-4ubuntu3.9	14 years ago
27	* SECURITY UPDATE: certificate spoofing via hash collisions ... * SECURITY UPDATE: certificate spoofing via hash collisions from MD2 design flaws. - crypto/evp/c_alld.c, ssl/ssl_algs.c: disable MD2 digest. - crypto/x509/x509_vfy.c: skip signature check for self signed certificates - http://marc.info/?l=openssl-cvs&m=124508133203041&w=2 - http://marc.info/?l=openssl-cvs&m=124704528713852&w=2 - CVE-2009-2409	Marc Deslauriers	0.9.8g-4ubuntu3.8	15 years ago
26	* SECURITY UPDATE: denial of service via memory consumption ... * SECURITY UPDATE: denial of service via memory consumption from large number of future epoch DTLS records. - crypto/pqueue.: add new pqueue_size counter function. - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100. - http://cvs.openssl.org/chngview?cn=18187 - CVE-2009-1377 SECURITY UPDATE: denial of service via memory consumption from duplicate or invalid sequence numbers in DTLS records. - ssl/d1_both.c: discard message if it's a duplicate or too far in the future. - http://marc.info/?l=openssl-dev&m=124263491424212&w=2 - CVE-2009-1378 * SECURITY UPDATE: denial of service or other impact via use-after-free in dtls1_retrieve_buffered_fragment. - ssl/d1_both.c: use temp frag_len instead of freed frag. - http://rt.openssl.org/Ticket/Display.html?id=1923 - CVE-2009-1379 * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet that occurs before ClientHello. - ssl/s3_pkt.c: abort if s->session is NULL. - ssl/{ssl.h,ssl_err.c}: add new error codes. - http://cvs.openssl.org/chngview?cn=17369 - CVE-2009-1386 * SECURITY UPDATE: denial of service via an out-of-sequence DTLS handshake message. - ssl/d1_both.c: don't buffer fragments with no data. - http://cvs.openssl.org/chngview?cn=17958 - CVE-2009-1387	Marc Deslauriers	0.9.8g-4ubuntu3.7	15 years ago
25	* SECURITY UPDATE: crash via invalid memory access when prin... * SECURITY UPDATE: crash via invalid memory access when printing BMPString or UniversalString with invalid length - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h: return error if invalid length - CVE-2009-0590 - http://www.openssl.org/news/secadv_20090325.txt - patch from upstream CVS: crypto/asn1/asn1.h:1.128.2.11->1.128.2.12 crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5 crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11	Jamie Strandboge	0.9.8g-4ubuntu3.5	15 years ago
24	* SECURITY UPDATE: clients treat malformed signatures as goo... * SECURITY UPDATE: clients treat malformed signatures as good when verifying server DSA and ECDSA certificates - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c, ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and ssl/ssltest.c to properly check the return code of EVP_VerifyFinal() - patch based on upstream patch for #2008-016 - CVE-2008-5077	Jamie Strandboge	0.9.8g-4ubuntu3.4	15 years ago
23	* SECURITY UPDATE: fix denial of service when 'Server Key ex... * SECURITY UPDATE: fix denial of service when 'Server Key exchange message' is omitted from a TLS handshake * ssl/s3_clnt.c: make sure s->session->sess_cert is not NULL * SECURITY UPDATE: fix denial of service when using tlsext. Note that this version of openssl does not use tlsext by default. * ssl/t1_lib.c: make sure s->session->tlsext_hostname is set to NULL to prevent double free. * References CVE-2008-1672 CVE-2008-0891 LP: #235913	Jamie Strandboge	0.9.8g-4ubuntu3.3	16 years ago
22	* SECURITY UPDATE: PRNG seeding was not fully operational. * SECURITY UPDATE: PRNG seeding was not fully operational. * crypto/rand/md_rand.c: restore upstream code.	Kees Cook	0.9.8g-4ubuntu3.1	16 years ago
21	* Use a different priority for libssl0.9.8/restart-services ... * Use a different priority for libssl0.9.8/restart-services depending on whether a desktop, or server dist-upgrade is being performed. (LP: #91814) * Display a system restart required notification bubble on libssl0.9.8 upgrade.	Luke Yelavich	0.9.8g-4ubuntu3	16 years ago
20	Ship documentation in new openssl-doc package, since it is v... Ship documentation in new openssl-doc package, since it is very large and not terribly useful for the casual desktop user.	Martin Pitt	0.9.8g-4ubuntu2	16 years ago
19	* Merge from unstable; remaining changes: * Merge from unstable; remaining changes: - Configure: Add support for lpia. - Replace duplicate files in the doc directory with symlinks. - Link using -Bsymbolic-functions.	Matthias Klose	0.9.8g-4ubuntu1	16 years ago
18	* Merge with Debian; remaining changes: * Merge with Debian; remaining changes: - Configure: Add support for lpia. - Replace duplicate files in the doc directory with symlinks.	Matthias Klose	0.9.8g-3ubuntu1	17 years ago
17	Replace duplicate files in the doc directory with symlinks. Replace duplicate files in the doc directory with symlinks.	Matthias Klose	0.9.8e-5ubuntu3	17 years ago
16	[ Jamie Strandboge ] [ Jamie Strandboge ] * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in buffer overflow * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to Stephan Hermann * References: CVE-2007-5135 http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded Fixes LP: #146269 * Modify Maintainer value to match the DebianMaintainerField specification. [ Kees Cook ] * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function. * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian. * References CVE-2007-3108	Kees Cook	0.9.8e-5ubuntu2	17 years ago
15	* Configure: Add support for lpia. * Configure: Add support for lpia. * Explicitely build using gcc-4.1 (PR other/31359).	Matthias Klose	0.9.8e-5ubuntu1	17 years ago
14	[ Christian Perrier ] [ Christian Perrier ] * Debconf templates proofread and slightly rewritten by the debian-l10n-english team as part of the Smith Review Project. Closes: #418584 * Debconf templates translations: - Arabic. Closes: #418669 - Russian. Closes: #418670 - Galician. Closes: #418671 - Swedish. Closes: #418679 - Korean. Closes: #418755 - Czech. Closes: #418768 - Basque. Closes: #418784 - German. Closes: #418785 - Traditional Chinese. Closes: #419915 - Brazilian Portuguese. Closes: #419959 - French. Closes: #420429 - Italian. Closes: #420461 - Japanese. Closes: #420482 - Catalan. Closes: #420833 - Dutch. Closes: #420925 - Malayalam. Closes: #420986 - Portuguese. Closes: #421032 - Romanian. Closes: #421708 [ Kurt Roeckx ] * Remove the Provides for the udeb. Patch from Frans Pop. (Closes: #419608) * Updated Spanish debconf template. (Closes: #421336) * Do the header changes, changing those defines into real functions, and bump the shlibs to match. * Update Japanese debconf translation. (Closes: #422270)	Kurt Roeckx	0.9.8e-5	17 years ago
13	openssl should depend on libssl0.9.8 0.9.8e-1 since it openssl should depend on libssl0.9.8 0.9.8e-1 since it uses some of the defines that changed to functions. Other things build against libssl or libcrypto shouldn't have this problem since they use the old headers. (Closes: #414283)	Kurt Roeckx	0.9.8e-4	17 years ago
12	Rebuild for changes in the amd64 toolchain. Rebuild for changes in the amd64 toolchain.	Matthias Klose	0.9.8c-4build1	17 years ago

Older »