This bug was fixed in the package openssl - 1.0.1-4ubuntu5.35
---------------
openssl (1.0.1-4ubuntu5.35) precise-security; urgency=medium

  * SECURITY UPDATE: side channel attack on modular exponentiation
    - debian/patches/CVE-2016-0702.patch: use constant-time calculations in
      crypto/bn/asm/x86_64-mont5.pl, crypto/bn/bn_exp.c,
      crypto/perlasm/x86_64-xlate.pl, crypto/constant_time_locl.h.
    - CVE-2016-0702
  * SECURITY UPDATE: double-free in DSA code
    - debian/patches/CVE-2016-0705.patch: fix double-free in
      crypto/dsa/dsa_ameth.c.
    - CVE-2016-0705
  * SECURITY UPDATE: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
    - debian/patches/CVE-2016-0797.patch: prevent overflow in
      crypto/bn/bn_print.c, crypto/bn/bn.h.
    - CVE-2016-0797
  * SECURITY UPDATE: memory leak in SRP database lookups
    - debian/patches/CVE-2016-0798.patch: disable SRP fake user seed and
      introduce new SRP_VBASE_get1_by_user function that handled seed
      properly in apps/s_server.c, crypto/srp/srp.h, crypto/srp/srp_vfy.c,
      util/libeay.num, openssl.ld.
    - CVE-2016-0798
  * SECURITY UPDATE: memory issues in BIO_*printf functions
    - debian/patches/CVE-2016-0799.patch: prevent overflow in
      crypto/bio/b_print.c.
    - CVE-2016-0799
  * debian/patches/preserve_digests_for_sni.patch: preserve negotiated
    digests for SNI when SSL_set_SSL_CTX is called in ssl/ssl_lib.c.
    (LP: #1550643)

-- Marc Deslauriers <email address hidden> Mon, 29 Feb 2016 08:01:48 -0500