This bug was fixed in the package openssl - 1.0.2g-1ubuntu14
--------------- openssl (1.0.2g-1ubuntu14) bionic; urgency=medium
* SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read - debian/patches/CVE-2017-3735.patch: avoid out-of-bounds read in crypto/x509v3/v3_addr.c. - CVE-2017-3735 * SECURITY UPDATE: bn_sqrx8x_internal carry bug on x86_64 - debian/patches/CVE-2017-3736.patch: fix carry bug in bn_sqrx8x_internal in crypto/bn/asm/x86_64-mont5.pl. - CVE-2017-3736 * debian/patches/fix_armhf_ftbfs.patch: fix build with gcc-7.2 on armhf. (LP: #1729850)
-- Marc Deslauriers <email address hidden> Mon, 06 Nov 2017 07:56:00 -0500
This bug was fixed in the package openssl - 1.0.2g-1ubuntu14
---------------
openssl (1.0.2g-1ubuntu14) bionic; urgency=medium
* SECURITY UPDATE: Malformed X.509 IPAddressFamily could cause OOB read patches/ CVE-2017- 3735.patch: avoid out-of-bounds read in x509v3/ v3_addr. c. patches/ CVE-2017- 3736.patch: fix carry bug in sqrx8x_ internal in crypto/ bn/asm/ x86_64- mont5.pl. patches/ fix_armhf_ ftbfs.patch: fix build with gcc-7.2 on armhf.
- debian/
crypto/
- CVE-2017-3735
* SECURITY UPDATE: bn_sqrx8x_internal carry bug on x86_64
- debian/
bn_
- CVE-2017-3736
* debian/
(LP: #1729850)
-- Marc Deslauriers <email address hidden> Mon, 06 Nov 2017 07:56:00 -0500