openssl 0.9.7e-3ubuntu0.4 source package in Ubuntu
Changelog
openssl (0.9.7e-3ubuntu0.4) hoary-security; urgency=low
* SECURITY UPDATE: Remote arbitrary code execution, remote DoS.
* crypto/asn1/tasn_dec.c, asn1_d2i_ex_primitive(): Initialize 'ret' to avoid
an infinite loop in some circumstances. [CVE-2006-2937]
* ssl/ssl_lib.c, SSL_get_shared_ciphers(): Fix len comparison to correctly
handle invalid long cipher list strings. [CVE-2006-3738]
* ssl/s2_clnt.c, get_server_hello(): Check for NULL session certificate to
avoid client crash with malicious server responses. [CVE-2006-4343]
* Certain types of public key could take disproportionate amounts of time to
process. Apply patch from Bodo Moeller to impose limits to public key type
values (similar to Mozilla's libnss). Fixes CPU usage/memory DoS. [CVE-2006-2940]
* Updated patch in previous package version to fix a few corner-case
regressions. (This reverts the changes to rsa_eay.c/rsa.h/rsa_err.c, which
were determined to not be necessary).
-- Martin Pitt <email address hidden> Wed, 27 Sep 2006 11:10:01 +0000
Upload details
- Uploaded by:
- Martin Pitt
- Uploaded to:
- Hoary
- Original maintainer:
- Christoph Martin
- Architectures:
- any
- Section:
- utils
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| openssl_0.9.7e.orig.tar.gz | 2.9 MiB | 25121b5dbd2b830929519325e033086ce45861cff2d0000d928f48261b1e0b7c |
| openssl_0.9.7e-3ubuntu0.4.diff.gz | 30.9 KiB | 5d81ab3595aadcd4df91a128cd0ab69bf89ed98ca27a3cf70ed0a0089fddd5e7 |
| openssl_0.9.7e-3ubuntu0.4.dsc | 645 bytes | 3b93c28a7cad9018c275235b06fadb84cb0808dbabda15c66bcb7023392aed61 |
Binary packages built by this source
- libcrypto0.9.7-udeb: No summary available for libcrypto0.9.7-udeb in ubuntu hoary.
No description available for libcrypto0.9.7-udeb in ubuntu hoary.
- libssl-dev: No summary available for libssl-dev in ubuntu hoary.
No description available for libssl-dev in ubuntu hoary.
- libssl0.9.7: No summary available for libssl0.9.7 in ubuntu hoary.
No description available for libssl0.9.7 in ubuntu hoary.
- openssl: No summary available for openssl in ubuntu hoary.
No description available for openssl in ubuntu hoary.
