[ubuntu/cosmic-proposed] openssl1.0 1.0.2n-1ubuntu6 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jun 20 12:17:13 UTC 2018


openssl1.0 (1.0.2n-1ubuntu6) cosmic; urgency=medium

  * SECURITY UPDATE: ECDSA key extraction side channel
    - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
      signature in crypto/ecdsa/ecdsatest.c, crypto/ecdsa/ecs_ossl.c.
    - CVE-2018-0495
  * SECURITY UPDATE: denial of service via long prime values
    - debian/patches/CVE-2018-0732.patch: reject excessively large primes
      in DH key generation in crypto/dh/dh_key.c.
    - CVE-2018-0732
  * SECURITY UPDATE: RSA cache timing side channel attack
    - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
      BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
      crypto/rsa/rsa_gen.c.
    - CVE-2018-0737

Date: Wed, 20 Jun 2018 07:59:27 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6
-------------- next part --------------
Format: 1.8
Date: Wed, 20 Jun 2018 07:59:27 -0400
Source: openssl1.0
Binary: libssl1.0.0 libssl1.0-dev libcrypto1.0.0-udeb libssl1.0.0-udeb openssl1.0
Architecture: source
Version: 1.0.2n-1ubuntu6
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl1.0-dev - Secure Sockets Layer toolkit - development files
 libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries
 libssl1.0.0-udeb - ssl shared library - udeb (udeb)
 openssl1.0 - Secure Sockets Layer toolkit 1.0 - cryptographic utility
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
