UbuntuUpdates.org

Package "libssl-dev"

Name: libssl-dev

Description:

SSL development libraries, header files and documentation

Latest version: 1.0.1-4ubuntu5.45
Release: precise (12.04)
Level: updates
Repository: main
Head package: openssl

Links


Download "libssl-dev"


Other versions of "libssl-dev" in Precise

Repository Area Version
base main 1.0.1-4ubuntu3
security main 1.0.1-4ubuntu5.45

Changelog

Version: 1.0.1-4ubuntu5.35 2016-03-01 17:06:59 UTC

  openssl (1.0.1-4ubuntu5.35) precise-security; urgency=medium

  * SECURITY UPDATE: side channel attack on modular exponentiation
    - debian/patches/CVE-2016-0702.patch: use constant-time calculations in
      crypto/bn/asm/x86_64-mont5.pl, crypto/bn/bn_exp.c,
      crypto/perlasm/x86_64-xlate.pl, crypto/constant_time_locl.h.
    - CVE-2016-0702
  * SECURITY UPDATE: double-free in DSA code
    - debian/patches/CVE-2016-0705.patch: fix double-free in
      crypto/dsa/dsa_ameth.c.
    - CVE-2016-0705
  * SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
    - debian/patches/CVE-2016-0797.patch: prevent overflow in
      crypto/bn/bn_print.c, crypto/bn/bn.h.
    - CVE-2016-0797
  * SECURITY UPDATE: memory leak in SRP database lookups
    - debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and
      introduce new SRP_VBASE_get1_by_user function that handled seed
      properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c,
      util/libeay.num, openssl.ld.
    - CVE-2016-0798
  * SECURITY UPDATE: memory issues in BIO_*printf functions
    - debian/patches/CVE-2016-0799.patch: prevent overflow in
      crypto/bio/b_print.c.
    - CVE-2016-0799
  * debian/patches/preserve_digests_for_sni.patch: preserve negotiated
    digests for SNI when SSL_set_SSL_CTX is called in ssl/ssl_lib.c.
    (LP: #1550643)

 -- Marc Deslauriers <email address hidden> Mon, 29 Feb 2016 08:01:48 -0500

Source diff to previous version
1550643 Please backport OpenSSL SNI signature algorithms fix.
CVE-2016-0702 Side channel attack on modular exponentiation
CVE-2016-0705 Double-free in DSA code
CVE-2016-0797 BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
CVE-2016-0798 Memory leak in SRP database lookups
CVE-2016-0799 Memory issues in BIO_*printf functions

Version: 1.0.1-4ubuntu5.34 2016-02-24 19:07:34 UTC

  openssl (1.0.1-4ubuntu5.34) precise-security; urgency=medium

  * debian/patches/alt-cert-chains-*.patch: backport series of upstream
    commits to add alternate chains support. This will allow the future
    removal of 1024-bit RSA keys from the ca-certificates package.

 -- Marc Deslauriers <email address hidden> Mon, 08 Feb 2016 09:15:37 -0500

Source diff to previous version

Version: 1.0.1-4ubuntu5.33 2016-01-07 22:06:28 UTC

  openssl (1.0.1-4ubuntu5.33) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2
    - debian/patches/CVE-2015-7575.patch: disable RSA+MD5 when using TLS
      1.2 in ssl/t1_lib.c.
    - CVE-2015-7575

 -- Marc Deslauriers Thu, 07 Jan 2016 09:27:55 -0500

Source diff to previous version
CVE-2015-7575 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature

Version: 1.0.1-4ubuntu5.32 2015-12-07 14:06:40 UTC

  openssl (1.0.1-4ubuntu5.32) precise-security; urgency=medium

  * SECURITY UPDATE: Certificate verify crash with missing PSS parameter
    - debian/patches/CVE-2015-3194.patch: add PSS parameter check to
      crypto/rsa/rsa_ameth.c.
    - CVE-2015-3194
  * SECURITY UPDATE: X509_ATTRIBUTE memory leak
    - debian/patches/CVE-2015-3195.patch: fix leak in
      crypto/asn1/tasn_dec.c.
    - CVE-2015-3195
  * SECURITY UPDATE: Race condition handling PSK identify hint
    - debian/patches/CVE-2015-3196.patch: fix PSK handling in
      ssl/s3_clnt.c, ssl/s3_srvr.c.
    - CVE-2015-3196

 -- Marc Deslauriers Fri, 04 Dec 2015 08:22:09 -0500

Source diff to previous version

Version: 1.0.1-4ubuntu5.31 2015-06-11 19:06:56 UTC

  openssl (1.0.1-4ubuntu5.31) precise-security; urgency=medium

  * SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
    - debian/patches/reject_small_dh.patch: reject small dh keys in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
      doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
      dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod,
      switch defaut dh to 2048-bit in apps/dhparam.c, apps/gendh.c.
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid free in DTLS
    - debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
    - CVE-2014-8176
  * SECURITY UPDATE: denial of service via malformed ECParameters
    - debian/patches/CVE-2015-1788.patch: improve logic in
      crypto/bn/bn_gf2m.c.
    - CVE-2015-1788
  * SECURITY UPDATE: denial of service via out-of-bounds read in
    X509_cmp_time
    - debian/patches/CVE-2015-1789.patch: properly parse time format in
      crypto/x509/x509_vfy.c.
    - CVE-2015-1789
  * SECURITY UPDATE: denial of service via missing EnvelopedContent
    - debian/patches/CVE-2015-1790.patch: handle NULL data_body in
      crypto/pkcs7/pk7_doit.c.
    - CVE-2015-1790
  * SECURITY UPDATE: race condition in NewSessionTicket
    - debian/patches/CVE-2015-1791.patch: create a new session in
      ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
      ssl/ssl_sess.c.
    - debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
      ssl/ssl_sess.c.
    - CVE-2015-1791
  * SECURITY UPDATE: CMS verify infinite loop with unknown hash function
    - debian/patches/CVE-2015-1792.patch: fix infinite loop in
      crypto/cms/cms_smime.c.
    - CVE-2015-1792

 -- Marc Deslauriers <email address hidden> Thu, 11 Jun 2015 07:35:48 -0400

CVE-2014-8176 Invalid free in DTLS
CVE-2015-1788 Malformed ECParameters causes infinite loop
CVE-2015-1789 Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1790 PKCS7 crash with missing EnvelopedContent
CVE-2015-1791 race condition in NewSessionTicket
CVE-2015-1792 CMS verify infinite loop with unknown hash function



About   -   Send Feedback to @ubuntu_updates