June 30, 2009

New updates for Ubuntu 9.04 Jaunty Jackalope

List of the security-related updates available for Ubuntu 9.04 Jaunty Jackalope, which Canonical publishes on a weekly basis:

  • Version 2.1.22.dfsg1-23ubuntu3.1:
* SECURITY UPDATE: base64 encoding could result in unterminated
strings, leading to crashes or loss of privacy.
- Add debian/patches/0050_sasl_encode64_term.dpatch: backported
upstream fixes.
- CVE-2009-0688

  • Version 0.9.8g-15ubuntu3.2:

* SECURITY UPDATE: denial of service via memory consumption from large
number of future epoch DTLS records.
- crypto/pqueue.*: add new pqueue_size counter function.
- ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
- http://cvs.openssl.org/chngview?cn=18187
- CVE-2009-1377
* SECURITY UPDATE: denial of service via memory consumption from
duplicate or invalid sequence numbers in DTLS records.
- ssl/d1_both.c: discard message if it's a duplicate or too far in the
future.
- http://marc.info/?l=openssl-dev&m=124263491424212&w=2
- CVE-2009-1378
* SECURITY UPDATE: denial of service or other impact via use-after-free
in dtls1_retrieve_buffered_fragment.
- ssl/d1_both.c: use temp frag_len instead of freed frag.
- http://rt.openssl.org/Ticket/Display.html?id=1923
- CVE-2009-1379
* SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
that occurs before ClientHello.
- ssl/s3_pkt.c: abort if s->session is NULL.
- ssl/{ssl.h,ssl_err.c}: add new error codes.
- http://cvs.openssl.org/chngview?cn=17369
- CVE-2009-1386
* SECURITY UPDATE: denial of service via an out-of-sequence DTLS
handshake message.
- ssl/d1_both.c: don't buffer fragments with no data.
- http://cvs.openssl.org/chngview?cn=17958
- CVE-2009-1387
