[Bug 146269] Re: [openssl security] OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

Kees Cook Fri, 28 Sep 2007 17:15:49 -0700

openssl (0.9.8c-4ubuntu0.1) feisty-security; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  * Modify Maintainer value to match the DebianMaintainerField
    specification.


  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References
    CVE-2007-3108

 -- Kees Cook <[EMAIL PROTECTED]>   Fri, 28 Sep 2007 13:02:19 -0700

-- 
[openssl security] OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
https://bugs.launchpad.net/bugs/146269
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 146269] Re: [openssl security] OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

Reply via email to