Package "libssl-dev"
Name: |
libssl-dev
|
Description: |
SSL development libraries, header files and documentation
|
Latest version: |
1.0.1-4ubuntu5.45 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
main |
Head package: |
openssl |
Links
Download "libssl-dev"
Other versions of "libssl-dev" in Precise
Changelog
openssl (1.0.1-4ubuntu5.35) precise-security; urgency=medium
* SECURITY UPDATE: side channel attack on modular exponentiation
- debian/patches/CVE-2016-0702.patch: use constant-time calculations in
crypto/bn/asm/x86_64-mont5.pl, crypto/bn/bn_exp.c,
crypto/perlasm/x86_64-xlate.pl, crypto/constant_time_locl.h.
- CVE-2016-0702
* SECURITY UPDATE: double-free in DSA code
- debian/patches/CVE-2016-0705.patch: fix double-free in
crypto/dsa/dsa_ameth.c.
- CVE-2016-0705
* SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- debian/patches/CVE-2016-0797.patch: prevent overflow in
crypto/bn/bn_print.c, crypto/bn/bn.h.
- CVE-2016-0797
* SECURITY UPDATE: memory leak in SRP database lookups
- debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and
introduce new SRP_VBASE_get1_by_user function that handled seed
properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c,
util/libeay.num, openssl.ld.
- CVE-2016-0798
* SECURITY UPDATE: memory issues in BIO_*printf functions
- debian/patches/CVE-2016-0799.patch: prevent overflow in
crypto/bio/b_print.c.
- CVE-2016-0799
* debian/patches/preserve_digests_for_sni.patch: preserve negotiated
digests for SNI when SSL_set_SSL_CTX is called in ssl/ssl_lib.c.
(LP: #1550643)
-- Marc Deslauriers <email address hidden> Mon, 29 Feb 2016 08:01:48 -0500
|
Source diff to previous version |
|
openssl (1.0.1-4ubuntu5.34) precise-security; urgency=medium
* debian/patches/alt-cert-chains-*.patch: backport series of upstream
commits to add alternate chains support. This will allow the future
removal of 1024-bit RSA keys from the ca-certificates package.
-- Marc Deslauriers <email address hidden> Mon, 08 Feb 2016 09:15:37 -0500
|
Source diff to previous version |
openssl (1.0.1-4ubuntu5.33) precise-security; urgency=medium
* SECURITY UPDATE: incorrect RSA+MD5 support with TLS 1.2
- debian/patches/CVE-2015-7575.patch: disable RSA+MD5 when using TLS
1.2 in ssl/t1_lib.c.
- CVE-2015-7575
-- Marc Deslauriers Thu, 07 Jan 2016 09:27:55 -0500
|
Source diff to previous version |
CVE-2015-7575 |
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature |
|
openssl (1.0.1-4ubuntu5.32) precise-security; urgency=medium
* SECURITY UPDATE: Certificate verify crash with missing PSS parameter
- debian/patches/CVE-2015-3194.patch: add PSS parameter check to
crypto/rsa/rsa_ameth.c.
- CVE-2015-3194
* SECURITY UPDATE: X509_ATTRIBUTE memory leak
- debian/patches/CVE-2015-3195.patch: fix leak in
crypto/asn1/tasn_dec.c.
- CVE-2015-3195
* SECURITY UPDATE: Race condition handling PSK identify hint
- debian/patches/CVE-2015-3196.patch: fix PSK handling in
ssl/s3_clnt.c, ssl/s3_srvr.c.
- CVE-2015-3196
-- Marc Deslauriers Fri, 04 Dec 2015 08:22:09 -0500
|
Source diff to previous version |
openssl (1.0.1-4ubuntu5.31) precise-security; urgency=medium
* SECURITY IMPROVEMENT: reject dh keys smaller than 768 bits
- debian/patches/reject_small_dh.patch: reject small dh keys in
ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, update documentation in
doc/ssl/SSL_CTX_set_tmp_dh_callback.pod, make s_server use 2048-bit
dh in apps/s_server.c, clarify docs in doc/apps/dhparam.pod,
switch defaut dh to 2048-bit in apps/dhparam.c, apps/gendh.c.
* SECURITY UPDATE: denial of service and possible code execution via
invalid free in DTLS
- debian/patches/CVE-2014-8176.patch: fix invalid free in ssl/d1_lib.c.
- CVE-2014-8176
* SECURITY UPDATE: denial of service via malformed ECParameters
- debian/patches/CVE-2015-1788.patch: improve logic in
crypto/bn/bn_gf2m.c.
- CVE-2015-1788
* SECURITY UPDATE: denial of service via out-of-bounds read in
X509_cmp_time
- debian/patches/CVE-2015-1789.patch: properly parse time format in
crypto/x509/x509_vfy.c.
- CVE-2015-1789
* SECURITY UPDATE: denial of service via missing EnvelopedContent
- debian/patches/CVE-2015-1790.patch: handle NULL data_body in
crypto/pkcs7/pk7_doit.c.
- CVE-2015-1790
* SECURITY UPDATE: race condition in NewSessionTicket
- debian/patches/CVE-2015-1791.patch: create a new session in
ssl/s3_clnt.c, ssl/ssl.h, ssl/ssl_err.c, ssl/ssl_locl.h,
ssl/ssl_sess.c.
- debian/patches/CVE-2015-1791-2.patch: fix kerberos issue in
ssl/ssl_sess.c.
- debian/patches/CVE-2015-1791-3.patch: more ssl_session_dup fixes in
ssl/ssl_sess.c.
- CVE-2015-1791
* SECURITY UPDATE: CMS verify infinite loop with unknown hash function
- debian/patches/CVE-2015-1792.patch: fix infinite loop in
crypto/cms/cms_smime.c.
- CVE-2015-1792
-- Marc Deslauriers <email address hidden> Thu, 11 Jun 2015 07:35:48 -0400
|
|
About
-
Send Feedback to @ubuntu_updates