~ubuntu-branches/ubuntu/hardy/openssl/hardy-security

Viewing all changes in revision 33.

  • Committer: Package Import Robot
  • Author(s): Steve Beattie
  • Date: 2012-01-31 01:46:26 UTC
  • Revision ID: package-import@ubuntu.com-20120131014626-ffeo8a5xag43qawh
Tags: 0.9.8g-4ubuntu3.15
* SECURITY UPDATE: ECDSA private key timing attack
  - crypto/ecdsa/ecs_ossl.c: compute with fixed scalar length
  - http://cvs.openssl.org/chngview?cn=20892
  - CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
  - ssl/s3_lib.c, file ssl/s3_srvr.c: fix memory usage for thread
    safety
  - http://cvs.openssl.org/chngview?cn=21334
  - CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack (LP: #922229)
  - ssl/d1_pkt.c: perform all computations before discarding messages
  - http://cvs.openssl.org/chngview?cn=21942
  - http://cvs.openssl.org/chngview?cn=19574
  - CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
  - crypto/x509v3/pcy_map.c, crypto/x509v3/pcy_tree.c: only free
    domain policy in one location
  - http://cvs.openssl.org/chngview?cn=21941
  - CVE-2011-4019
* SECURITY UPDATE: incorrect elliptic curve computation TLS key
  exposure
  - crypto/bn/bn_nist.c: perform ellyiptic curve computations
    correctly
  - update to http://cvs.openssl.org/fileview?f=openssl/crypto/bn/bn_nist.c&v=1.20
  - CVE-2011-4354
* SECURITY UPDATE: SSL 3.0 block padding exposure
  - ssl/s3_enc.c: clear bytes used for block padding of SSL 3.0
    records.
  - http://cvs.openssl.org/chngview?cn=21940
  - CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
  - crypto/x509v3/v3_addr.c: prevent malformed RFC3779 data
    from triggering an assertion failure
  - http://cvs.openssl.org/chngview?cn=21937
  - CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
  - ssl/s3_srvr.c, ssl/ssl.h, ssl/ssl3.h, ssl/ssl_err.c: Only allow
    one SGC handshake restart for SSL/TLS.
  - CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
  - ssl/d1_pkt.c: improve handling of DTLS MAC
  - http://cvs.openssl.org/chngview?cn=22032
  - CVE-2012-0050
* crypto/ecdsa/ecdsatest.c: fix ECDSA tests
  - http://cvs.openssl.org/chngview?cn=21777
  - http://cvs.openssl.org/chngview?cn=21995
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
  servers by testing that the X server is not running (LP: #244250)

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: