UbuntuUpdates.org

Bugs fixes in "openssl"

Origin Bug number Title Date fixed
CVE CVE-2016-6304 OCSP Status Request extension unbounded memory growth 2016-09-22
CVE CVE-2016-6303 Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service ( 2016-09-22
CVE CVE-2016-6302 The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which 2016-09-22
CVE CVE-2016-2183 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately 2016-09-22
CVE CVE-2016-2182 The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to 2016-09-22
CVE CVE-2016-2181 The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large seq 2016-09-22
CVE CVE-2016-2180 The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL throug 2016-09-22
CVE CVE-2016-2179 The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages 2016-09-22
CVE CVE-2016-2178 The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which ma 2016-09-22
Launchpad 1622500 Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04 2016-09-22
CVE CVE-2016-6304 OCSP Status Request extension unbounded memory growth 2016-09-22
CVE CVE-2016-6303 Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service ( 2016-09-22
CVE CVE-2016-6302 The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which 2016-09-22
CVE CVE-2016-2183 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately 2016-09-22
CVE CVE-2016-2182 The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to 2016-09-22
CVE CVE-2016-2181 The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large seq 2016-09-22
CVE CVE-2016-2180 The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL throug 2016-09-22
CVE CVE-2016-2179 The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages 2016-09-22
CVE CVE-2016-2178 The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which ma 2016-09-22
Launchpad 1622500 Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04 2016-09-22



About   -   Send Feedback to @ubuntu_updates