Format: 1.8
Date: Mon, 30 Jan 2017 11:38:06 -0500
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: amd64 amd64_translations
Version: 1.0.1f-1ubuntu2.22
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.1f-1ubuntu2.22) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: Pointer arithmetic undefined behaviour
     - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello message
       overruns in ssl/s3_srvr.c.
     - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
       extension field length in ssl/t1_lib.c.
     - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather than
       calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
     - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
       arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c.
     - CVE-2016-2177
   * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
     - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime in
       crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
       crypto/ecdsa/ecs_ossl.c.
     - CVE-2016-7056
   * SECURITY UPDATE: DoS via warning alerts
     - debian/patches/CVE-2016-8610.patch: don't allow too many consecutive
       warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c, ssl/ssl.h,
       ssl/ssl_locl.h.
     - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised record
       type is received in ssl/s3_pkt.c.
     - CVE-2016-8610
   * SECURITY UPDATE: Truncated packet could crash via OOB read
     - debian/patches/CVE-2017-3731-pre.patch: sanity check
       EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
       crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
       crypto/evp/evp.h, ssl/t1_enc.c.
     - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
       crypto/evp/e_rc4_hmac_md5.c.
     - CVE-2017-3731
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb