1
openssl (0.9.8k-7ubuntu8.8) lucid-security; urgency=low
3
* SECURITY UPDATE: ECDSA private key timing attack
4
- debian/patches/CVE-2011-1945.patch: compute with fixed scalar
7
* SECURITY UPDATE: ECDH ciphersuite denial of service
8
- debian/patches/CVE-2011-3210.patch: fix memory usage for thread
11
* SECURITY UPDATE: DTLS plaintext recovery attack
12
- debian/patches/CVE-2011-4108.patch: perform all computations
13
before discarding messages
15
* SECURITY UPDATE: policy check double free vulnerability
16
- debian/patches/CVE-2011-4019.patch: only free domain policyin
19
* SECURITY UPDATE: SSL 3.0 block padding exposure
20
- debian/patches/CVE-2011-4576.patch: clear bytes used for block
21
padding of SSL 3.0 records.
23
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
24
- debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
25
data from triggering an assertion failure
27
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
28
- debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
31
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
32
- debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
34
* debian/patches/openssl-fix_ECDSA_tests.patch: fix ECDSA tests
35
* debian/libssl0.9.8.postinst: Only issue the reboot notification for
36
servers by testing that the X server is not running (LP: #244250)
38
-- Steve Beattie <sbeattie@ubuntu.com> Tue, 31 Jan 2012 01:41:34 -0800
1
40
openssl (0.9.8k-7ubuntu8.6) lucid-security; urgency=low
3
42
* SECURITY UPDATE: OCSP stapling vulnerability