This bug was fixed in the package openssl - 0.9.8g-16ubuntu3.3
---------------
openssl (0.9.8g-16ubuntu3.3) karmic-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    unchecked bn_wexpand return values. (LP: #655884)
    - crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
      engines/e_ubsec.c: check return values.
    - http://cvs.openssl.org/chngview?cn=18936
    - http://cvs.openssl.org/chngview?cn=19309
    - CVE-2009-3245
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted private key with an invalid prime.
    - ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
    - http://www.mail-archive.com/[email protected]/msg28049.html
    - CVE-2010-2939

 -- Marc Deslauriers <[email protected]>  Wed, 06 Oct 2010 17:38:20 -0400
** Changed in: openssl (Ubuntu Karmic)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2939

** Changed in: openssl (Ubuntu Jaunty)
       Status: Confirmed => Fix Released
--
CVE-2009-3245 not fixed for 8.04LTS
https://bugs.launchpad.net/bugs/655884