Accepted openssl 0.9.7b-1 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 16 Apr 2003 10:32:57 +0200
Source: openssl
Binary: libssl0.9.7 libssl-dev openssl
Architecture: source i386
Version: 0.9.7b-1
Distribution: unstable
Urgency: high
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description:
libssl-dev - SSL development libraries, header files and documentation
libssl0.9.7 - SSL shared libraries
openssl - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 189087
Changes:
openssl (0.9.7b-1) unstable; urgency=high
.
* upstream security fix
- Countermeasure against the Klima-Pokorny-Rosa extension of
Bleichbacher's attack on PKCS #1 v1.5 padding: treat
a protocol version number mismatch like a decryption error
in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
(closes: #189087)
- Turn on RSA blinding by default in the default implementation
to avoid a timing attack. Applications that don't want it can call
RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
They would be ill-advised to do so in most cases. (CAN-2003-0147)
- Change RSA blinding code so that it works when the PRNG is not
seeded (in this case, the secret RSA exponent is abused as
an unpredictable seed -- if it is not unpredictable, there
is no point in blinding anyway). Make RSA blinding thread-safe
by remembering the creator's thread ID in rsa->blinding and
having all other threads use local one-time blinding factors
(this requires more computation than sharing rsa->blinding, but
avoids excessive locking; and if an RSA object is not shared
between threads, blinding will still be very fast).
for more details see the CHANGES file
Files:
65101fa08603c0e9872f9534184f6f15 606 utils optional openssl_0.9.7b-1.dsc
087fba2616f3d8a68184e8606e4cdd93 2785672 utils optional openssl_0.9.7b.orig.tar.gz
ab1e1ab47055c805ca9fc84dd0490c22 18099 utils optional openssl_0.9.7b-1.diff.gz
188bc25f60df3fa1c6744c4e2e2fa2f7 876518 utils optional openssl_0.9.7b-1_i386.deb
bf8e11ce354216d6109406fbbb34963f 2002002 libs standard libssl0.9.7_0.9.7b-1_i386.deb
a9268dba54da0c8905c70e951b3cac6d 1730466 devel optional libssl-dev_0.9.7b-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE+nSJCgeVih7XOVJcRAih7AJ9r5U//1avBbrGTjz4mnuptBJCddACfT4rb
9/NiZx7wv6r1h+ogvMyBbfs=
=+K6Q
-----END PGP SIGNATURE-----
Accepted:
libssl-dev_0.9.7b-1_i386.deb
to pool/main/o/openssl/libssl-dev_0.9.7b-1_i386.deb
libssl0.9.7_0.9.7b-1_i386.deb
to pool/main/o/openssl/libssl0.9.7_0.9.7b-1_i386.deb
openssl_0.9.7b-1.diff.gz
to pool/main/o/openssl/openssl_0.9.7b-1.diff.gz
openssl_0.9.7b-1.dsc
to pool/main/o/openssl/openssl_0.9.7b-1.dsc
openssl_0.9.7b-1_i386.deb
to pool/main/o/openssl/openssl_0.9.7b-1_i386.deb
openssl_0.9.7b.orig.tar.gz
to pool/main/o/openssl/openssl_0.9.7b.orig.tar.gz
Reply to: