[ubuntu/cosmic-proposed] openssl 1.1.0g-2ubuntu5 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jun 20 12:17:17 UTC 2018


openssl (1.1.0g-2ubuntu5) cosmic; urgency=medium

  * SECURITY UPDATE: ECDSA key extraction side channel
    - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
      signature in crypto/ec/ecdsa_ossl.c.
    - CVE-2018-0495
  * SECURITY UPDATE: denial of service via long prime values
    - debian/patches/CVE-2018-0732.patch: reject excessively large primes
      in DH key generation in crypto/dh/dh_key.c.
    - CVE-2018-0732
  * SECURITY UPDATE: RSA cache timing side channel attack
    - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
      BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
      crypto/rsa/rsa_gen.c.
    - CVE-2018-0737

Date: Wed, 20 Jun 2018 07:13:37 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu5
-------------- next part --------------
Format: 1.8
Date: Wed, 20 Jun 2018 07:13:37 -0400
Source: openssl
Binary: openssl libssl1.1 libcrypto1.1-udeb libssl1.1-udeb libssl-dev libssl-doc
Architecture: source
Version: 1.1.0g-2ubuntu5
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libcrypto1.1-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
 libssl-dev - Secure Sockets Layer toolkit - development files
 libssl-doc - Secure Sockets Layer toolkit - development documentation
 libssl1.1  - Secure Sockets Layer toolkit - shared libraries
 libssl1.1-udeb - ssl shared library - udeb (udeb)
 openssl    - Secure Sockets Layer toolkit - cryptographic utility
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>