Format: 1.8
Date: Tue, 24 Apr 2012 10:06:47 -0500
Source: openssl098
Binary: libssl0.9.8 libssl0.9.8-dbg libcrypto0.9.8-udeb
Architecture: amd64
Version: 0.9.8o-7ubuntu3.1
Distribution: precise
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Jamie Strandboge
Description:
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
Changes:
 openssl098 (0.9.8o-7ubuntu3.1) precise-security; urgency=low
 .
   * Bring up to date with latest security patches from Ubuntu 11.04:
   * SECURITY UPDATE: ECDSA private key timing attack
     - debian/patches/CVE-2011-1945.patch: compute with fixed scalar length
     - CVE-2011-1945
   * SECURITY UPDATE: ECDH ciphersuite denial of service
     - debian/patches/CVE-2011-3210.patch: fix memory usage for thread safety
     - CVE-2011-3210
   * SECURITY UPDATE: DTLS plaintext recovery attack
     - debian/patches/CVE-2011-4108.patch: perform all computations before
       discarding messages
     - CVE-2011-4108
   * SECURITY UPDATE: policy check double free vulnerability
     - debian/patches/CVE-2011-4019.patch: only free domain policy in
       one location
     - CVE-2011-4019
   * SECURITY UPDATE: SSL 3.0 block padding exposure
     - debian/patches/CVE-2011-4576.patch: clear bytes used for block padding
       of SSL 3.0 records.
     - CVE-2011-4576
   * SECURITY UPDATE: malformed RFC 3779 data denial of service attack
     - debian/patches/CVE-2011-4577.patch: prevent malformed RFC3779 data
       from triggering an assertion failure
     - CVE-2011-4577
   * SECURITY UPDATE: Server Gated Cryptography (SGC) denial of service
     - debian/patches/CVE-2011-4619.patch: Only allow one SGC handshake
       restart for SSL/TLS.
     - CVE-2011-4619
   * SECURITY UPDATE: fix for CVE-2011-4108 denial of service attack
     - debian/patches/CVE-2012-0050.patch: improve handling of DTLS MAC
     - CVE-2012-0050
   * SECURITY UPDATE: NULL pointer dereference in S/MIME messages with broken
     headers
     - debian/patches/CVE-2006-7250+2012-1165.patch: adjust mime_hdr_cmp()
       and mime_param_cmp() to not dereference the compared strings if either
       is NULL
     - CVE-2006-7250
     - CVE-2012-1165
   * SECURITY UPDATE: fix various overflows
     - debian/patches/CVE-2012-2110.patch: adjust crypto/a_d2i_fp.c,
       crypto/buffer.c and crypto/mem.c to verify size of lengths
     - CVE-2012-2110
   * SECURITY UPDATE: incomplete fix for CVE-2012-2110
     - debian/patches/CVE-2012-2131.patch: also verify 'len' in BUF_MEM_grow
       and BUF_MEM_grow_clean is non-negative
     - CVE-2012-2131
   * debian/patches/CVE-2012-2110b.patch: Use correct error code in
     BUF_MEM_grow_clean()
Checksums-Sha1:
 f85e6f60a3aaf697f0ffbb0bf2181095e6abdcff 860966 libssl0.9.8_0.9.8o-7ubuntu3.1_amd64.deb
 194c7b3e4b956f44baadee7d657684bcf8954747 1648112 libssl0.9.8-dbg_0.9.8o-7ubuntu3.1_amd64.deb
 64a378107858a5a2fc21a7729abb20a5c77362cf 622666 libcrypto0.9.8-udeb_0.9.8o-7ubuntu3.1_amd64.udeb
Checksums-Sha256:
 3774a86f50833002f90380a0165779fe8ffbecbbe112854109fa497f275cd48e 860966 libssl0.9.8_0.9.8o-7ubuntu3.1_amd64.deb
 0f06e615317558382a7ffed881064dc1bad6a0fdef86accda604a1e4717addfe 1648112 libssl0.9.8-dbg_0.9.8o-7ubuntu3.1_amd64.deb
 c2811d35e8a2b7cdfa34b874a043f1d5f32989a76dbd93df2d2c4ce3f21090a5 622666 libcrypto0.9.8-udeb_0.9.8o-7ubuntu3.1_amd64.udeb
Files:
 eb7872308615ee1b0425be2549a6bb79 860966 libs important libssl0.9.8_0.9.8o-7ubuntu3.1_amd64.deb
 6a64e98389d64335e469d0bc2fbf25ed 1648112 debug extra libssl0.9.8-dbg_0.9.8o-7ubuntu3.1_amd64.deb
 2aa78ea256b8551d1281e857d39c0281 622666 debian-installer optional libcrypto0.9.8-udeb_0.9.8o-7ubuntu3.1_amd64.udeb
Original-Maintainer: Debian OpenSSL Team
Package-Type: udeb