This bug was fixed in the package openssl - 0.9.8g-4ubuntu3.3
---------------
openssl (0.9.8g-4ubuntu3.3) hardy-security; urgency=low
* SECURITY UPDATE: fix denial of service when 'Server Key exchange message'
is omitted from a TLS handshake
* ssl/s3_clnt.c: make sure s->session->sess_cert is not NULL
* SECURITY UPDATE: fix denial of service when using tlsext. Note that
this version of openssl does not use tlsext by default.
* ssl/t1_lib.c: make sure s->session->tlsext_hostname is set to NULL to
prevent double free.
* References
CVE-2008-1672
CVE-2008-0891
LP: #235913
-- Jamie Strandboge <[EMAIL PROTECTED]> Thu, 19 Jun 2008 14:35:20
-0400
** Changed in: openssl (Ubuntu Hardy)
Status: Fix Committed => Fix Released
--
[CVE-2008-0891, CVE-2008-1672] OpenSSL denial of service vulnerabilities
(crashes)
https://bugs.launchpad.net/bugs/235913
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
