This repository has been archived by the owner on Mar 16, 2022. It is now read-only.
1.254.0
cf-buildpacks-eng released this 10 Dec 18:27
Notably, this release addresses:
USN-3840-1: OpenSSL vulnerabilities:
- CVE-2018-0734: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
- CVE-2018-0735: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
- CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
-ii libssl-dev:amd64 1.0.1f-1ubuntu2.26 amd64 Secure Sockets Layer toolkit - development files
-ii libssl1.0.0:amd64 1.0.1f-1ubuntu2.26 amd64 Secure Sockets Layer toolkit - shared libraries
+ii libssl-dev:amd64 1.0.1f-1ubuntu2.27 amd64 Secure Sockets Layer toolkit - development files
+ii libssl1.0.0:amd64 1.0.1f-1ubuntu2.27 amd64 Secure Sockets Layer toolkit - shared libraries
-ii openssl 1.0.1f-1ubuntu2.26 amd64 Secure Sockets Layer toolkit - cryptographic utility
+ii openssl 1.0.1f-1ubuntu2.27 amd64 Secure Sockets Layer toolkit - cryptographic utility
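Review bot: missing documentation on the three package lines (libssl-dev, libssl1.0.0, openssl): the version stays at 1.0.1f and only the Ubuntu revision moves from 1ubuntu2.26 to 1ubuntu2.27, while the CVE text above names 1.1.1a, 1.1.0j and 1.0.2q as the fixed releases. Suggest adding a sentence stating that the USN-3840-1 fix arrives with the 1ubuntu2.27 revision, so that anyone checking an image compares the full package version string rather than the upstream OpenSSL version. The removed and added lines are also interleaved; placing each `-` line directly above its `+` counterpart would make the three bumps easier to verify.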