openssl098 0.9.8o-7ubuntu3.2.14.04.1 source package in Ubuntu
Changelog
openssl098 (0.9.8o-7ubuntu3.2.14.04.1) trusty-security; urgency=medium

  [ Louis Bouchard ]
  * Bring up to date with latest security patches from Ubuntu 10.04: (LP: #1331452)
  * SECURITY UPDATE: MITM via change cipher spec
    - debian/patches/CVE-2014-0224-1.patch: only accept change cipher spec when it is expected in ssl/s3_clnt.c, ssl/s3_pkt.c, ssl/s3_srvr.c, ssl/ssl3.h.
    - debian/patches/CVE-2014-0224-2.patch: don't accept zero length master secrets in ssl/s3_pkt.c.
    - debian/patches/CVE-2014-0224-3.patch: allow CCS after resumption in ssl/s3_clnt.c.
    - debian/patches/CVE-2014-0224-regression2.patch: accept CCS after sending finished ssl/s3_clnt.c.
    - CVE-2014-0224
  * SECURITY UPDATE: denial of service via DTLS recursion flaw
    - debian/patches/CVE-2014-0221.patch: handle DTLS hello request without recursion in ssl/d1_both.c.
    - CVE-2014-0221
  * SECURITY UPDATE: arbitrary code execution via DTLS invalid fragment
    - debian/patches/CVE-2014-0195.patch: add consistency check for DTLS fragments in ssl/d1_both.c.
    - CVE-2014-0195
  * SECURITY UPDATE: "Lucky Thirteen" timing side-channel TLS attack
    - debian/patches/CVE-2013-0169.patch: massive code changes
    - CVE-2013-0169
  * SECURITY UPDATE: denial of service via invalid OCSP key
    - debian/patches/CVE-2013-0166.patch: properly handle NULL key in crypto/asn1/a_verify.c, crypto/ocsp/ocsp_vfy.c.
    - CVE-2013-0166
  * SECURITY UPDATE: denial of service attack in DTLS implementation
    - debian/patches/CVE_2012-2333.patch: guard for integer overflow before skipping explicit IV
    - CVE-2012-2333
  * SECURITY UPDATE: million message attack (MMA) in CMS and PKCS #7
    - debian/patches/CVE-2012-0884.patch: use a random key if RSA decryption fails to avoid leaking timing information
    - debian/patches/CVE-2012-0884-extra.patch: detect symmetric crypto errors in PKCS7_decrypt and initialize tkeylen properly when encrypting CMS messages.
    - CVE-2012-0884

  [ Marc Deslauriers ]
  * debian/patches/rehash_pod.patch: updated to fix FTBFS.
  * debian/patches/fix-pod-errors.patch: fix other pod files to fix FTBFS.

 -- Marc Deslauriers <email address hidden>  Wed, 02 Jul 2014 09:13:28 -0400
Upload details
- Uploaded by: Marc Deslauriers
- Uploaded to: Trusty
- Original maintainer: Ubuntu Developers
- Architectures: any
- Section: utils
- Urgency: Medium Urgency
Publishing
Series | Published | Component | Section |
---|---|---|---|
Trusty | updates | universe | utils |
Trusty | security | universe | utils |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
openssl098_0.9.8o.orig.tar.gz | 3.6 MiB | befada1ac3819b1d317df8197b5e82ec768b39d250fcbef81e2b1cb7f165d448 |
openssl098_0.9.8o-7ubuntu3.2.14.04.1.debian.tar.gz | 128.1 KiB | cfb0f1b0c4d9e7d4d14c6a1695d63eefab09f45910b2da31ad5de01276f36b1d |
openssl098_0.9.8o-7ubuntu3.2.14.04.1.dsc | 2.2 KiB | d5b13c5d40dcff6bafedf20264bf210aded8469286d8e139919612c1654931d6 |
Binary packages built by this source
- libcrypto0.9.8-udeb: crypto shared library - udeb
  libcrypto shared library. Do not install it on a normal system.
- libssl0.9.8: SSL shared libraries
  libssl and libcrypto shared libraries needed by programs like apache-ssl, telnet-ssl and openssh. It is part of the OpenSSL implementation of SSL.
- libssl0.9.8-dbg: Symbol tables for libssl and libcrypto
  This package is part of the OpenSSL implementation of SSL.