File _patchinfo of Package patchinfo.6709

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.6709

<patchinfo incident="6709">
  <issue id="1019334" tracker="bnc">VUL-1: CVE-2016-7056: openssl: ECSDA P-256 timing attack key recovery</issue>
  <issue id="968050" tracker="bnc">VUL-1: CVE-2016-0702: openssl: Side channel attack on modular exponentiation "CacheBleed"</issue>
  <issue id="2016-0702" tracker="cve" />
  <issue id="2016-7056" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>jengelh</packager>
  <description>
This update for libressl to version 2.5.1 fixes the following issues:

These security issues were fixed:

- CVE-2016-0702: Prevent side channel attack on modular exponentiation (boo#968050).
- CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing (boo#1019334).

These non-security issues were fixed:

- Detect zero-length encrypted session data early
- Curve25519 Key Exchange support.
- Support for alternate chains for certificate verification.
- Added EVP interface for MD5+SHA1 hashes
- Fixed DTLS client failures when the server sends a certificate request.
- Corrected handling of padding when upgrading an SSLv2 challenge into an SSLv3/TLS connection.
- Allowed protocols and ciphers to be set on a TLS config object in libtls.
</description>
  <summary>Security update for libressl</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.6709

Places