Update OpenSSL to version 0.9.8g-4ubuntu3.5
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| The Dell Mini Project |
Fix Released
|
Critical
|
Unassigned | ||
Bug Description
OpenSSL is currently in version 0.9.8g-4ubuntu3.3 in dell-mini-hardy. It should be update to version 0.9.8g-4ubuntu3.5 to fix several security vulnerabilities. Generic hardy has been already been patched.
Changelog:
openssl (0.9.8g-4ubuntu3.5) hardy-security; urgency=low
* SECURITY UPDATE: crash via invalid memory access when printing BMPString
or UniversalString with invalid length
- crypto/
return error if invalid length
- CVE-2009-0590
- http://
- patch from upstream CVS:
crypto/
crypto/
crypto/
-- Jamie Strandboge <email address hidden> Thu, 26 Mar 2009 14:12:48 -0500
openssl (0.9.8g-4ubuntu3.4) hardy-security; urgency=low
* SECURITY UPDATE: clients treat malformed signatures as good when verifying
server DSA and ECDSA certificates
- update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
ssl/
ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
- patch based on upstream patch for #2008-016
- CVE-2008-5077
-- Jamie Strandboge <email address hidden> Tue, 06 Jan 2009 01:00:29 -0600
| Henry Hall (hlh) wrote | #1 |
| Changed in dell-mini: | |
| assignee: | nobody → oem-security |
| importance: | Undecided → Critical |
| status: | New → Fix Committed |
| Nicola Ferralis (feranick) wrote | #2 |
| Nicolas Valcarcel (nvalcarcel) wrote | #3 |
| Changed in dell-mini: | |
| status: | Fix Committed → Fix Released |
| Changed in dell-mini: | |
| assignee: | Registry Administrators (registry) → nobody |
This fix will be released in the next large update.