Format: 1.8
Date: Mon, 30 Jan 2017 11:38:06 -0500
Source: openssl
Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg
Architecture: armhf armhf_translations
Version: 1.0.1f-1ubuntu2.22
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl - Secure Sockets Layer toolkit - cryptographic utility
Changes:
 openssl (1.0.1f-1ubuntu2.22) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: Pointer arithmetic undefined behaviour
     - debian/patches/CVE-2016-2177-pre.patch: check for ClientHello
       message overruns in ssl/s3_srvr.c.
     - debian/patches/CVE-2016-2177-pre2.patch: validate ClientHello
       extension field length in ssl/t1_lib.c.
     - debian/patches/CVE-2016-2177-pre3.patch: pass in a limit rather
       than calculate it in ssl/s3_srvr.c, ssl/ssl_locl.h, ssl/t1_lib.c.
     - debian/patches/CVE-2016-2177.patch: avoid undefined pointer
       arithmetic in ssl/s3_srvr.c, ssl/t1_lib.c,
     - CVE-2016-2177
   * SECURITY UPDATE: ECDSA P-256 timing attack key recovery
     - debian/patches/CVE-2016-7056.patch: use BN_mod_exp_mont_consttime
       in crypto/ec/ec.h, crypto/ec/ec_lcl.h, crypto/ec/ec_lib.c,
       crypto/ecdsa/ecs_ossl.c.
     - CVE-2016-7056
   * SECURITY UPDATE: DoS via warning alerts
     - debian/patches/CVE-2016-8610.patch: don't allow too many
       consecutive warning alerts in ssl/d1_pkt.c, ssl/s3_pkt.c,
       ssl/ssl.h, ssl/ssl_locl.h.
     - debian/patches/CVE-2016-8610-2.patch: fail if an unrecognised
       record type is received in ssl/s3_pkt.c.
     - CVE-2016-8610
   * SECURITY UPDATE: Truncated packet could crash via OOB read
     - debian/patches/CVE-2017-3731-pre.patch: sanity check
       EVP_CTRL_AEAD_TLS_AAD in crypto/evp/e_aes.c,
       crypto/evp/e_aes_cbc_hmac_sha1.c, crypto/evp/e_rc4_hmac_md5.c,
       crypto/evp/evp.h, ssl/t1_enc.c.
     - debian/patches/CVE-2017-3731.patch: harden RC4_MD5 cipher in
       crypto/evp/e_rc4_hmac_md5.c.
     - CVE-2017-3731
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb