[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-26 Thread Marc Deslauriers
> This experience makes me wonder how patches for the -security suites (default for unattended-upgrades) are tested and QA'ed. Can anything be done to the Ubuntu process to prevent things like this happening again? For OpenSSL, we run it through a test suite and also test it with commonly run soft

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-26 Thread Mikkel Kirkgaard Nielsen
Thanks for the fix. I too can verify that our system doesn't segfault on Ubuntu 14.04 (trusty) using latest libssl1.0.0 (=1.0.1f-1ubuntu2.21); # dpkg -l |grep libssl1.0.0 ii libssl1.0.0:amd64 1.0.1f-1ubuntu2.21 amd64Secure Sockets L

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-25 Thread Olli Salli
Thank you. I can verify libssl1.0.0 1.0.2g-1ubuntu4.5 no longer exhibits the crash: jenkins@ubuntutemplate:/var/lib/jenkins/workspace/imt-erp-e2e-flaky/webshop/vagrant/wordpress$ apt-cache policy libssl1.0.0 libssl1.0.0: Installed: 1.0.2g-1ubuntu4.5 Candidate: 1.0.2g-1ubuntu4.5 Version tabl

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-24 Thread Mathew Hodson
** No longer affects: openssl (Ubuntu Yakkety) ** Changed in: openssl (Ubuntu) Status: Invalid => Fix Released ** Tags added: regression-update -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/16

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Marc Deslauriers
** Changed in: openssl (Ubuntu Yakkety) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1626883 Title: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Launchpad Bug Tracker
This bug was fixed in the package openssl - 1.0.2g-1ubuntu4.5 --- openssl (1.0.2g-1ubuntu4.5) xenial-security; urgency=medium * SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883) - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow check in

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Launchpad Bug Tracker
This bug was fixed in the package openssl - 1.0.1f-1ubuntu2.21 --- openssl (1.0.1f-1ubuntu2.21) trusty-security; urgency=medium * SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883) - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow check i

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Launchpad Bug Tracker
This bug was fixed in the package openssl - 1.0.1-4ubuntu5.38 --- openssl (1.0.1-4ubuntu5.38) precise-security; urgency=medium * SECURITY REGRESSION: incomplete fix for CVE-2016-2182 (LP: #1626883) - debian/patches/CVE-2016-2182-2.patch: fix off-by-one in overflow check in

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Marc Deslauriers
Packages that fix this issue are currently being built in the security team PPA: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages They will be published as soon as they finish building and have gone through QA. -- You received this bug notification because you are

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread vdloo
Can confirm that this affects 1.0.1-4ubuntu5.37 on 12.04 Reproducible by trying to openssl_x509_parse the ssl cert for sourceforge with PHP 5.5.30-1+deb.sury.org~precise+1 $ openssl s_client -connect sourceforge.net:443 cert.txt $ echo " segfault.php $ php segfault.php Segmentation fault (core

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Marc Deslauriers
** Also affects: openssl (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: openssl (Ubuntu Yakkety) Importance: Medium Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Also affects: openssl (Ubuntu Precise) Importance: Undecided Status

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Andreas Rütten
Also affected 1.0.1-4ubuntu5.37 on 12.04 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1626883 Title: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault To

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Marc Deslauriers
I can reproduce this and will release an updated openssl package today. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1626883 Title: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cer

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Marc Deslauriers
** Changed in: openssl (Ubuntu) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1626883 Title: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.2

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Mikkel Kirkgaard Nielsen
Thanks @ollisa. I had the same thoughts about 1.0.1f-1ubuntu2 so I found a downloadable build at https://launchpad.net/ubuntu/+source/openssl/1.0.1f- 1ubuntu2.19. Installing just the ubuntu2.19 version of libssl1.0.0 solved the issue; wget https://launchpad.net/~ubuntu-security/+archive/ubuntu/p

[Bug 1626883] Re: libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault

2016-09-23 Thread Olli Salli
** Summary changed: - libssl 1.0.2g-1ubuntu4.4 causes PHP7 SSL cert validation to segfault + libssl 1.0.2g-1ubuntu4.4 and 1.0.1f-1ubuntu2.20 cause PHP SSL cert validation to segfault -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. ht