Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-6449

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

Related bugs and status

CVE-2013-6449 (Candidate) is related to these bugs:

Bug #1256576: Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not support TLS 1.2

Summary				In	Importance	Status
	1256576	Ubuntu 12.04 LTS: OpenSSL downlevel version is 1.0.0, and does not support TLS 1.2		openssl (Ubuntu)	Wishlist	Fix Released

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.openssl.org...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://issues.apache....
DEBIAN: DSA-2833
FEDORA: FEDORA-2013-23768
FEDORA: FEDORA-2013-23788
FEDORA: FEDORA-2013-23794
SUSE: openSUSE-SU-2014:0012
SUSE: openSUSE-SU-2014:0015
SUSE: openSUSE-SU-2014:0018
BID: 64530
SECTRACK: 1029548
REDHAT: RHSA-2014:0015
SUSE: openSUSE-SU-2014:0048
UBUNTU: USN-2079-1
REDHAT: RHSA-2014:0041
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
FULLDISC: 20141205 NEW: VMSA-201...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://www.oracle.com/...
GENTOO: GLSA-201412-39
FEDORA: FEDORA-2014-9301
FEDORA: FEDORA-2014-9308
CONFIRM: http://rt.openssl.org/...
BUGTRAQ: 20141205 NEW: VMSA-201...