Update OpenSSL to fix security vulnerabilities

Bug #392670 reported by Nicola Ferralis on 2009-06-26
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
The Dell Mini Project
Undecided
Unassigned

Bug Description

Openssl has been updated in generic hardy to version 0.9.8g-4ubuntu3.7 to fix several security vulnerabilities (see below). Openssl is still in version 0.9.8g-4ubuntu3.5 in hardy for the mini.

Changelog:

0.9.8g-4ubuntu3.7) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via memory consumption from large
    number of future epoch DTLS records.
    - crypto/pqueue.*: add new pqueue_size counter function.
    - ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
    - http://cvs.openssl.org/chngview?cn=18187
    - CVE-2009-1377
  * SECURITY UPDATE: denial of service via memory consumption from
    duplicate or invalid sequence numbers in DTLS records.
    - ssl/d1_both.c: discard message if it's a duplicate or too far in the
      future.
    - http://marc.info/?l=openssl-dev&m=124263491424212&w=2
    - CVE-2009-1378
  * SECURITY UPDATE: denial of service or other impact via use-after-free
    in dtls1_retrieve_buffered_fragment.
    - ssl/d1_both.c: use temp frag_len instead of freed frag.
    - http://rt.openssl.org/Ticket/Display.html?id=1923
    - CVE-2009-1379
  * SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
    that occurs before ClientHello.
    - ssl/s3_pkt.c: abort if s->session is NULL.
    - ssl/{ssl.h,ssl_err.c}: add new error codes.
    - http://cvs.openssl.org/chngview?cn=17369
    - CVE-2009-1386
  * SECURITY UPDATE: denial of service via an out-of-sequence DTLS
    handshake message.
    - ssl/d1_both.c: don't buffer fragments with no data.
    - http://cvs.openssl.org/chngview?cn=17958
    - CVE-2009-1387

security vulnerability: no → yes
Changed in dell-mini:
status: New → Confirmed
Nicola Ferralis (feranick) wrote :

In proposed repository.

Changed in dell-mini:
status: Confirmed → Fix Committed
Nicola Ferralis (feranick) wrote :

Reverting to Confirmed, since a new security vulnerability has been found in version 0.9.8g-4ubuntu3.7.

Fixed in generic hardy (0.9.8g-4ubuntu3.8). The fix should be ported in the dell mini ASAP.

Changed in dell-mini:
status: Fix Committed → Confirmed
Nicola Ferralis (feranick) wrote :

In proposed repository.

Changed in dell-mini:
status: Confirmed → Fix Committed
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers