** Description changed: - We're experiencing deadlocks in Ubuntu 12.04 at our customers. After - some investigation, a known bug in OpenSSL 1.0.1c (and other versions) - is causing this. The bug itself was known since one day after this - release (11th of May this year). + [SRU request] + + [Impact] + A deadlock exists in the public key decoding code of openssl in Precise and Quantal. Users of openssl is environments where a large number of keys are being processed may hit it, causing the application to hang. This has been fixed in the development release by backporting a trivial patch from upstream. + + [Test Case] + There is currently no known reliable way of reproducing the deadlock. + The openssl test suite passes with the patch, and the QRT scripts have been run successfully. + + [Regression Potential] + The patch is trivial, and shouldn't cause any regressions. It has been used in a couple of upstream releases so far. If the patch does introduce a regression, it would affect public key decoding and would be apparent. + + + Original report: + We're experiencing deadlocks in Ubuntu 12.04 at our customers. After some investigation, a known bug in OpenSSL 1.0.1c (and other versions) is causing this. The bug itself was known since one day after this release (11th of May this year). OpenSSL bug report: http://rt.openssl.org/Ticket/Display.html?id=2813&user=guest&pass=guest Commit that fixes the issue in OpenSSL 1.0.1: http://cvs.openssl.org/chngview?cn=22570 For now, we're distributing a modified version of the OpenSSL packages for Ubuntu, but of course we're not the only ones with this bug.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1066032 Title: Deadlock when reading a public key To manage notifications about this bug go to: https://bugs.launchpad.net/openssl/+bug/1066032/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
