Ubuntu
openssl097 package

[openssl security] OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

Bug #146269 reported by Stephan Rügamer on 2007-09-28

266

	Status	Importance	Assigned to
openssl (Ubuntu)	Fix Released	Undecided	Ubuntu Security Team
Dapper	Fix Released	Undecided	Unassigned
Feisty	Fix Released	Undecided	Unassigned
Gutsy	Fix Released	Undecided	Unassigned
openssl097 (Ubuntu)	Invalid	High	Unassigned
Dapper	Won't Fix	Undecided	Unassigned
Feisty	Won't Fix	Undecided	Unassigned
Gutsy	Invalid	Undecided	Unassigned

Bug Description

Binary package hint: openssl

openssl 0.9.8e and 0.9.7k still have a off-by-one buffer overflow...
this is fixed in latest openssl CVS...

Read about it: http://www.securityfocus.com/archive/1/480855/30/0/threaded
And CVS Fix: http://cvs.openssl.org/chngview?cn=16587

Please find attached a debdiff against latest version of openssl in gutsy

Related branches

lp://staging/ubuntu/lucid/openssl

lp://staging/ubuntu/dapper-security/openssl

lp://staging/ubuntu/edgy-security/openssl

lp://staging/ubuntu/feisty-updates/openssl

CVE References

Jamie Strandboge (jdstrand) on 2007-09-28

Changed in openssl:
assignee:	nobody → ubuntu-security

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-09-28:

gutsy debdiff to fix this issue Edit (6.2 KiB, text/plain)

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-09-28:

dapper debdiff to fix the security issue Edit (5.6 KiB, text/plain)

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-09-28:

edgy debdiff to fix off-by-one buffer overflow Edit (5.6 KiB, text/plain)

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-09-28:

#10

feisty debdiff to fix this security issue Edit (5.6 KiB, text/plain)

Revision history for this message

Kees Cook (kees) wrote on 2007-09-28:

#11

openssl (0.9.8e-5ubuntu2) gutsy; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References
    CVE-2007-3108

-- Kees Cook <email address hidden> Fri, 28 Sep 2007 13:02:19 -0700

Changed in openssl:
status:	New → Fix Released

Revision history for this message

Kees Cook (kees) wrote on 2007-09-28:

#12

openssl (0.9.8c-4ubuntu0.1) feisty-security; urgency=low

  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References
    CVE-2007-3108

-- Kees Cook <email address hidden> Fri, 28 Sep 2007 13:02:19 -0700

Revision history for this message

Scott Kitterman (kitterman) wrote on 2007-12-02:

#13

This issue was not corrected before openssl097 was uploaded to the partner repository.

Changed in openssl097:
importance:	Undecided → High
status:	New → Confirmed

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2007-12-11:

#14

http://www.ubuntu.com/usn/usn-522-1

Changed in openssl:
status:	New → Fix Released

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2008-07-07:

#15

Marking Invalid as openssl097 is not in Gutsy (partner or otherwise).

Changed in openssl097:
status:	New → Invalid
status:	Confirmed → Invalid
status:	New → Confirmed
status:	New → Confirmed

Revision history for this message

Hew (hew) wrote on 2008-12-15:

#16

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in openssl097:
status:	Confirmed → Won't Fix
Changed in openssl:
status:	New → Fix Released

Revision history for this message

Steve Beattie (sbeattie) wrote on 2010-06-24:

#17

This was fixed for dapper's openssl package in openssl 0.9.8a-7ubuntu0.4 (see http://www.ubuntu.com/usn/usn-522-1), closing that task.

Changed in openssl (Ubuntu Dapper):
status:	New → Fix Released

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2011-10-14:

#18

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in openssl097 (Ubuntu Dapper):
status:	Confirmed → Won't Fix

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicates of this bug

Bug #146270

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuopenssl097 package

[openssl security] OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

Bug Description

Related branches

CVE References

Duplicates of this bug

Other bug subscribers

Patches

Remote bug watches

Ubuntu
openssl097 package