~ubuntu-branches/ubuntu/oneiric/openssl/oneiric-security

Viewing all changes in revision 62.

  • Committer: Package Import Robot
  • Author(s): Steve Beattie
  • Date: 2012-02-08 16:06:24 UTC
  • Revision ID: package-import@ubuntu.com-20120208160624-h9z89w7bx1j9c604
Tags: 1.0.0e-2ubuntu4.2
* SECURITY UPDATE: DTLS plaintext recovery attack
  - debian/patches/CVE-2011-4108.patch: perform all computations
    before discarding messages
  - CVE-2011-4108
* SECURITY UPDATE: SSL 3.0 block padding exposure
  - debian/patches/CVE-2011-4576.patch: clear bytes used for block
    padding of SSL 3.0 records.
  - CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
  - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
    data from triggering an assertion failure
  - CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
  - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
    restart for SSL/TLS.
  - CVE-2011-4619
* SECURITY UPDATE: GOST block cipher denial of service
  - debian/patches/CVE-2012-0027.patch: check GOST parameters are
    not NULL
  - CVE-2012-0027
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
  - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
  - CVE-2012-0050
