Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=745f011c9ef5e75485d75e0f1da76ff65e228c58
commit 745f011c9ef5e75485d75e0f1da76ff65e228c58 Author: Miklos Vajna <vmik...@frugalware.org> Date: Sun May 3 21:03:47 2009 +0200 FSA598-openssl diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 740b532..83a416e 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,23 @@ <fsas> <fsa> + <id>598</id> + <date>2009-05-03</date> + <author>Miklos Vajna</author> + <package>openssl</package> + <vulnerable>0.9.8-16</vulnerable> + <unaffected>0.9.8-17anacreon1</unaffected> + <bts>http://bugs.frugalware.org/task/3746</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0591 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0789</cve> + <desc>Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service). +1) An error exists in the "ASN1_STRING_print_ex()" function when printing "BMPString" or "UniversalString" strings. This can be exploited to trigger an access to invalid memory and cause a crash via an illegal encoded string length when e.g. printing the contents of a certificate. +2) The "CMS_verify()" function incorrectly handles an error condition when processing malformed signed attributes. This can be exploited to trick an application into considering a malformed set of signed attributes valid and skip further checks. +Successful exploitation requires access to a previously generated invalid signature. +3) An error when processing malformed ASN1 structures can be exploited to trigger an access to invalid memory and cause a crash via a specially crafted certificate.</desc> + </fsa> + <fsa> <id>597</id> <date>2009-05-03</date> <author>Miklos Vajna</author> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git
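Review bot: in the new `<desc>`, the sentence "Successful exploitation requires access to a previously generated invalid signature." sits on its own line between items 2) and 3), so a reader cannot tell whether it limits the "CMS_verify()" issue only or all three. If it is meant for item 2), join it to the end of that item. Separately, `<cve>` lists three identifiers and `<desc>` numbers three issues, but nothing ties one to the other; appending the matching CVE id to each numbered item would let a reader check a single issue against the 0.9.8-17anacreon1 fix without opening all three links.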