openssl (0.9.8e-5ubuntu2) gutsy; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References
    CVE-2007-3108

 -- Kees Cook <[EMAIL PROTECTED]>  Fri, 28 Sep 2007 13:02:19 -0700

** Changed in: openssl (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-3108

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5135

--
[openssl security] OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
https://bugs.launchpad.net/bugs/146269