Accepted openssl096 0.9.6j-1 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 16 Apr 2003 11:59:47 +0200
Source: openssl096
Binary: libssl0.9.6
Architecture: source i386
Version: 0.9.6j-1
Distribution: unstable
Urgency: high
Maintainer: Christoph Martin <christoph.martin@uni-mainz.de>
Changed-By: Christoph Martin <christoph.martin@uni-mainz.de>
Description:
libssl0.9.6 - SSL shared libraries (old version)
Closes: 189087
Changes:
openssl096 (0.9.6j-1) unstable; urgency=high
.
* upstream security fix
- Countermeasure against the Klima-Pokorny-Rosa extension of
Bleichbacher's attack on PKCS #1 v1.5 padding: treat
a protocol version number mismatch like a decryption error
in ssl3_get_client_key_exchange (ssl/s3_srvr.c). (CAN-2003-0131)
(closes: #189087)
- Turn on RSA blinding by default in the default implementation
to avoid a timing attack. Applications that don't want it can call
RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
They would be ill-advised to do so in most cases. (CAN-2003-0147)
- Change RSA blinding code so that it works when the PRNG is not
seeded (in this case, the secret RSA exponent is abused as
an unpredictable seed -- if it is not unpredictable, there
is no point in blinding anyway). Make RSA blinding thread-safe
by remembering the creator's thread ID in rsa->blinding and
having all other threads use local one-time blinding factors
(this requires more computation than sharing rsa->blinding, but
avoids excessive locking; and if an RSA object is not shared
between threads, blinding will still be very fast).
Files:
fe6522a304f19c69cbd201e6e17bb77e 594 utils optional openssl096_0.9.6j-1.dsc
026353f8dc85d95ec382daf724157e0b 2185159 utils optional openssl096_0.9.6j.orig.tar.gz
7297e90d0cff6fd576c72e91e0da290d 17952 utils optional openssl096_0.9.6j-1.diff.gz
873a582e0bf89756d6922e87cca36af0 1633212 oldlibs standard libssl0.9.6_0.9.6j-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE+nUJHgeVih7XOVJcRAhVmAJ0a0eJGx5D1kAfqLH799REBAkBIdgCfaRMr
znfD/9MQLH6GhrpO/l7ZiAI=
=iEqf
-----END PGP SIGNATURE-----
Accepted:
libssl0.9.6_0.9.6j-1_i386.deb
to pool/main/o/openssl096/libssl0.9.6_0.9.6j-1_i386.deb
openssl096_0.9.6j-1.diff.gz
to pool/main/o/openssl096/openssl096_0.9.6j-1.diff.gz
openssl096_0.9.6j-1.dsc
to pool/main/o/openssl096/openssl096_0.9.6j-1.dsc
openssl096_0.9.6j.orig.tar.gz
to pool/main/o/openssl096/openssl096_0.9.6j.orig.tar.gz
Reply to: