UbuntuUpdates.org

Package "libssl-doc"

Name: libssl-doc

Description:

SSL development documentation

Latest version: 1.0.1-4ubuntu5.39
Release: precise (12.04)
Level: security
Repository: main
Head package: openssl

Other versions of "libssl-doc" in Precise

Repository Area Version
base main 1.0.1-4ubuntu3
updates main 1.0.1-4ubuntu5.39

Changelog

Version: 1.0.1-4ubuntu5.34 2016-02-24 18:06:42 UTC

  openssl (1.0.1-4ubuntu5.34) precise-security; urgency=medium

  * debian/patches/alt-cert-chains-*.patch: backport series of upstream
    commits to add alternate chains support. This will allow the future
    removal of 1024-bit RSA keys from the ca-certificates package.

 -- Marc Deslauriers <email address hidden> Mon, 08 Feb 2016 09:15:37 -0500

Version: 1.0.1-4ubuntu5.33 2016-01-07 20:06:43 UTC

  openssl (1.0.1-4ubuntu5.33) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2
    - debian/patches/CVE-2015-7575.patch: disable RSA+MD5 when using TLS
      1.2 in ssl/t1_lib.c.
    - CVE-2015-7575

 -- Marc Deslauriers Thu, 07 Jan 2016 09:27:55 -0500

CVE-2015-7575 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature

Version: 1.0.1-4ubuntu5.32 2015-12-07 14:06:39 UTC

  openssl (1.0.1-4ubuntu5.32) precise-security; urgency=medium

  * SECURITY UPDATE: Certificate verify crash with missing PSS parameter
    - debian/patches/CVE-2015-3194.patch: add PSS parameter check to
      crypto/rsa/rsa_ameth.c.
    - CVE-2015-3194
  * SECURITY UPDATE: X509_ATTRIBUTE memory leak
    - debian/patches/CVE-2015-3195.patch: fix leak in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-3195
  * SECURITY UPDATE: Race condition handling PSK identity hint
    - debian/patches/CVE-2015-3196.patch: fix PSK handling in
      ssl/s3_clnt.c, ssl/s3_srvr.c.
    - CVE-2015-3196

 -- Marc Deslauriers Fri, 04 Dec 2015 08:22:09 -0500

Version: 1.0.1-4ubuntu5.31 2015-06-11 19:06:54 UTC

  openssl (1.0.1-4ubuntu5.31) precise-security; urgency=medium

  * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
    - debian/patches/reject_small_dh.patch: reject small dh keys in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
      doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
      dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod,
      switch default dh to 2048-bit in apps/dhparam.c, apps/gendh.c.
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free in DTLS
    - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
    - CVE-2014-8176
  * SECURITY UPDATE: denial of service via malformed ECParameters
    - debian/patches/CVE-2015-1788.patch: improve logic in
      crypto/bn/bn_gf2m.c.
    - CVE-2015-1788
  * SECURITY UPDATE: denial of service via out-of-bounds read in
    X509_cmp_time
    - debian/patches/CVE-2015-1789.patch: properly parse time format in
      crypto/x509/x509_vfy.c.
    - CVE-2015-1789
  * SECURITY UPDATE: denial of service via missing EnvelopedContent
    - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
      crypto/pkcs7/pk7_doit.c.
    - CVE-2015-1790
  * SECURITY UPDATE: race condition in NewSessionTicket
    - debian/patches/CVE-2015-1791.patch: create a new session in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
      ssl/ssl_sess.c.
    - CVE-2015-1791
  * SECURITY UPDATE: CMS verify infinite loop with unknown hash function
    - debian/patches/CVE-2015-1792.patch: fix infinite loop in
      crypto/cms/cms_smime.c.
    - CVE-2015-1792

 -- Marc Deslauriers <email address hidden> Thu, 11 Jun 2015 07:35:48 -0400

CVE-2014-8176 Invalid free in DTLS
CVE-2015-1788 Malformed ECParameters causes infinite loop
CVE-2015-1789 Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1790 PKCS7 crash with missing EnvelopedContent
CVE-2015-1791 race condition in NewSessionTicket
CVE-2015-1792 CMS verify infinite loop with unknown hash function

Version: 1.0.1-4ubuntu5.28 2015-06-01 18:07:12 UTC

  openssl (1.0.1-4ubuntu5.28) precise-security; urgency=medium

  * SECURITY IMPROVEMENT: Disable EXPORT ciphers by default
    - debian/patches/disable_export_ciphers.patch: remove export ciphers
      from the DEFAULT cipher list in ssl/ssl.h, ssl/ssl_ciph.c,
      doc/apps/ciphers.pod.

 -- Marc Deslauriers <email address hidden> Thu, 28 May 2015 08:58:31 -0400



