oem-qa team mailing list archive
Message #00117
[Bug 352919] Re: Update OpenSSL to version 0.9.8g-4ubuntu3.5
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0590
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5077
--
Update OpenSSL to version 0.9.8g-4ubuntu3.5
https://bugs.launchpad.net/bugs/352919
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.
Status in Dell Inspiron Mini with Custom Dell UI: Fix Committed
Bug description:
OpenSSL is currently at version 0.9.8g-4ubuntu3.3 in dell-mini-hardy. It should be updated to version 0.9.8g-4ubuntu3.5 to fix several security vulnerabilities. Generic hardy has already been patched.
Changelog:
openssl (0.9.8g-4ubuntu3.5) hardy-security; urgency=low

  * SECURITY UPDATE: crash via invalid memory access when printing BMPString
    or UniversalString with invalid length
    - crypto/asn1/tasn_dec.c, crypto/asn1/asn1_err.c and crypto/asn1/asn1.h:
      return error if invalid length
    - CVE-2009-0590
    - http://www.openssl.org/news/secadv_20090325.txt
    - patch from upstream CVS:
      crypto/asn1/asn1.h:1.128.2.11->1.128.2.12
      crypto/asn1/asn1_err.c:1.54.2.4->1.54.2.5
      crypto/asn1/tasn_dec.c:1.26.2.10->1.26.2.11

 -- Jamie Strandboge <jamie@xxxxxxxxxx>  Thu, 26 Mar 2009 14:12:48 -0500

openssl (0.9.8g-4ubuntu3.4) hardy-security; urgency=low

  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates
    - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
      ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
      ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
    - patch based on upstream patch for #2008-016
    - CVE-2008-5077

 -- Jamie Strandboge <jamie@xxxxxxxxxx>  Tue, 06 Jan 2009 01:00:29 -0600
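
The 0.9.8g-4ubuntu3.4 entry above fixes callers that mis-checked the return code of EVP_VerifyFinal(), which returns 1 for a good signature, 0 for a bad one and -1 on error. The following is an added example, not part of the original message or of the OpenSSL or Ubuntu patch; it shows the pre-fix check beside the corrected one. model_verify_final(), the accept_* functions, the toy signature format and the sample bytes are hypothetical stand-ins that only reproduce that return convention.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a tri-state verify call. It follows the return
 * convention of EVP_VerifyFinal(): 1 = signature good, 0 = signature bad,
 * -1 = error (here: the signature blob cannot be parsed at all). */
static int model_verify_final(const unsigned char *sig, size_t siglen,
                              const unsigned char *want, size_t wantlen)
{
    /* Constructed toy format: one length byte, then that many bytes. */
    if (siglen < 1 || (size_t)sig[0] != siglen - 1)
        return -1;                      /* malformed encoding: error */
    if (sig[0] != wantlen || memcmp(sig + 1, want, wantlen) != 0)
        return 0;                       /* well-formed, wrong value */
    return 1;                           /* well-formed and matching */
}

/* Pre-fix pattern: only 0 is treated as failure. */
int accept_unfixed(const unsigned char *sig, size_t siglen,
                   const unsigned char *want, size_t wantlen)
{
    if (!model_verify_final(sig, siglen, want, wantlen))
        return 0;
    return 1;                           /* reached for 1 and, wrongly, for -1 */
}

/* Fixed pattern: anything other than a positive result is a failure. */
int accept_fixed(const unsigned char *sig, size_t siglen,
                 const unsigned char *want, size_t wantlen)
{
    if (model_verify_final(sig, siglen, want, wantlen) <= 0)
        return 0;
    return 1;
}

/* Constructed sample inputs. */
static const unsigned char EXPECTED[]      = { 0xde, 0xad, 0xbe, 0xef };
static const unsigned char SIG_GOOD[]      = { 4, 0xde, 0xad, 0xbe, 0xef };
static const unsigned char SIG_WRONG[]     = { 4, 0x00, 0x00, 0x00, 0x00 };
static const unsigned char SIG_MALFORMED[] = { 9, 0xde, 0xad }; /* bad length */

int main(void)
{
    printf("unfixed accepts malformed: %d\n",
           accept_unfixed(SIG_MALFORMED, sizeof SIG_MALFORMED, EXPECTED, sizeof EXPECTED));
    printf("fixed accepts malformed:   %d\n",
           accept_fixed(SIG_MALFORMED, sizeof SIG_MALFORMED, EXPECTED, sizeof EXPECTED));
    return 0;
}
```

When auditing other callers of tri-state verify functions, search for `!` or `== 0` applied directly to the return value; both let the -1 error case through as success.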