UbuntuUpdates.org

Package "libssl-doc"

Name: libssl-doc

Description:

Secure Sockets Layer toolkit - development documentation

Latest version: 1.1.1-1ubuntu2.2
Release: cosmic (18.10)
Level: updates
Repository: main
Head package: openssl
Homepage: https://www.openssl.org/

Links

Save this URL for the latest version of "libssl-doc": https://www.ubuntuupdates.org/libssl-doc


Download "libssl-doc"


Other versions of "libssl-doc" in Cosmic

Repository Area Version
base main 1.1.1-1ubuntu2
security main 1.1.1-1ubuntu2.1
proposed main 1.1.1-1ubuntu2.5

Changelog

Version: 1.1.1-1ubuntu2.2 2019-06-03 10:08:04 UTC

  openssl (1.1.1-1ubuntu2.2) cosmic; urgency=medium

  * debian/rules: Ship openssl.cnf in libssl1.1-udeb, as required to use
    OpenSSL by other udebs, e.g. wget-udeb. LP: #1822898

  * Drop debian/patches/UBUNTU-lower-tls-security-level-for-compat.patch
    to revert TLS_SECURITY_LEVEL back to 1. LP: #1822984

 -- Dimitri John Ledkov <email address hidden> Wed, 03 Apr 2019 20:37:01 +0100

Source diff to previous version
1822898 wget https://geoip.ubuntu.com/lookup fails in mini.iso d-i
1822984 revert tls security level back to 1

Version: 1.1.1-1ubuntu2.1 2018-12-06 20:07:11 UTC

  openssl (1.1.1-1ubuntu2.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: timing side channel attack in DSA
    - debian/patches/CVE-2018-0734-1.patch: fix mod inverse in
      crypto/dsa/dsa_ossl.c.
    - debian/patches/CVE-2018-0734-2.patch: fix timing vulnerability in
      crypto/dsa/dsa_ossl.c.
    - debian/patches/CVE-2018-0734-3.patch: add a constant time flag in
      crypto/dsa/dsa_ossl.c.
    - CVE-2018-0734
  * SECURITY UPDATE: timing side channel attack in ECDSA
    - debian/patches/CVE-2018-0735.patch: fix timing vulberability in
      crypto/ec/ec_mult.c.
    - CVE-2018-0735

 -- Marc Deslauriers <email address hidden> Tue, 04 Dec 2018 08:15:09 -0500

CVE-2018-0734 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing
CVE-2018-0735 The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signin



About   -   Send Feedback to @ubuntu_updates