Package "openssl098"
Name: |
openssl098
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- SSL shared libraries
- Symbol tables for libssl and libcrypto
|
Latest version: |
0.9.8o-7ubuntu3.2 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
universe |
Links
Other versions of "openssl098" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
openssl098 (0.9.8o-7ubuntu3.2) precise-security; urgency=medium
* SECURITY UPDATE: regression with certain renegotiations (LP: #1332643)
- debian/patches/CVE-2014-0224-regression2.patch: accept CCS after
sending finished ssl/s3_clnt.c.
* Bring up to date with latest security patches from Ubuntu 10.04:
(LP: #1331452)
* SECURITY UPDATE: MITM via change cipher spec
- debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec
when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c,
ssl/ssl3.h.
- debian/patches/CVE-2014-0224-2.patch: don't accept zero length master
secrets in ssl/s3_pkt.c.
- debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in
ssl/s3_clnt.c.
- CVE-2014-0224
* SECURITY UPDATE: denial of service via DTLS recursion flaw
- debian/patches/CVE-2014-0221.patch: handle DTLS hello request without
recursion in ssl/d1_both.c.
- CVE-2014-0221
* SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
- debian/patches/CVE-2014-0195.patch: add consistency check for DTLS
fragments in ssl/d1_both.c.
- CVE-2014-0195
* SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
- debian/patches/CVE-2013-0169.patch: massive code changes
- CVE-2013-0169
* SECURITY UPDATE: denial of service via invalid OCSP key
- debian/patches/CVE-2013-0166.patch: properly handle NULL key in
crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
- CVE-2013-0166
* SECURITY UPDATE: denial of service attack in DTLS implementation
- debian/patches/CVE_2012-2333.patch: guard for integer overflow
before skipping explicit IV
- CVE-2012-2333
* SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
- debian/patches/CVE-2012-0884.patch: use a random key if RSA
decryption fails to avoid leaking timing information
- CVE-2012-0884
* debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto
- errors in PKCS7_decrypt and initialize tkeylen properly when
encrypting CMS messages.
-- Louis Bouchard <email address hidden> Wed, 18 Jun 2014 12:22:48 +0200
|
Source diff to previous version |
1332643 |
pg_dump: Error message from server: SSL error: ccs received early |
1331452 |
Please backport current CVEs for Precise LTS openssl098 |
CVE-2014-0224 |
SSL/TLS MITM vulnerability |
CVE-2014-0221 |
DTLS recursion flaw |
CVE-2014-0195 |
DTLS invalid fragment vulnerability |
CVE-2013-0169 |
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider t |
CVE-2013-0166 |
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows |
CVE-2012-2333 |
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, |
CVE-2012-0884 |
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain |
|
openssl098 (0.9.8o-7ubuntu3.1) precise-security; urgency=low
* Bring up to date with latest security patches from Ubuntu 11.04:
* SECURITY UPDATE: ECDSA private key timing attack
- debian/patches/CVE-2011-1945.patch: compute with fixed scalar
length
- CVE-2011-1945
* SECURITY UPDATE: ECDH ciphersuite denial of service
- debian/patches/CVE-2011-3210.patch: fix memory usage for thread
safety
- CVE-2011-3210
* SECURITY UPDATE: DTLS plaintext recovery attack
- debian/patches/CVE-2011-4108.patch: perform all computations
before discarding messages
- CVE-2011-4108
* SECURITY UPDATE: policy check double free vulnerability
- debian/patches/CVE-2011-4019.patch: only free domain policyin
one location
- CVE-2011-4019
* SECURITY UPDATE: SSL 3.0 block padding exposure
- debian/patches/CVE-2011-4576.patch: clear bytes used for block
padding of SSL 3.0 records.
- CVE-2011-4576
* SECURITY UPDATE: malformed RFC 3779 data denial of service attack
- debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779
data from triggering an assertion failure
- CVE-2011-4577
* SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
- debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
restart for SSL/TLS.
- CVE-2011-4619
* SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
- debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
- CVE-2012-0050
* SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
headers
- debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
and mime_param_cmp() to not dereference the compared strings if either
is NULL
- CVE-2006-7250
- CVE-2012-1165
* SECURITY UPDATE: fix various overflows
- debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
crypto/buffer.c and crypto/mem.c to verify size of lengths
- CVE-2012-2110
* SECURITY UPDATE: incomplete fix for CVE-2012-2110
- debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow
and BUF_MEM_grow_clean is non-negative
- CVE-2012-2131
* debian/patches/CVE-2012-2110b.patch: Use correct error code in
BUF_MEM_grow_clean()
-- Jamie Strandboge Tue, 24 Apr 2012 10:06:47 -0500
|
CVE-2011-1945 |
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for |
CVE-2011-3210 |
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing o |
CVE-2011-4108 |
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier fo |
CVE-2011-4019 |
RESERVED |
CVE-2011-4576 |
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which |
CVE-2011-4577 |
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure |
CVE-2011-4619 |
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which a |
CVE-2012-0050 |
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vect |
CVE-2006-7250 |
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer d |
CVE-2012-1165 |
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of serv |
CVE-2012-2110 |
ossl DER int conversion issues |
CVE-2012-2131 |
ASN1 BIO incomplete fix |
|
About
-
Send Feedback to @ubuntu_updates