Launchpad.net

CVE 2009-0050

Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Related bugs and status

CVE-2009-0050 (Candidate) is related to these bugs:

Bug #317181: [CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function

		In	Importance	Status
317181	[CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function	lasso (Ubuntu)	Undecided	Fix Released
317181	[CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function	lasso (Ubuntu Dapper)	Undecided	Fix Released
317181	[CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function	lasso (Ubuntu Gutsy)	Undecided	Fix Released
317181	[CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function	lasso (Ubuntu Hardy)	Undecided	Fix Released
317181	[CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function	lasso (Ubuntu Intrepid)	Undecided	Fix Released
317181	[CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function	lasso (Ubuntu Jaunty)	Undecided	Fix Released

Bug #1610286: [MIR] libapache2-mod-auth-mellon, liblasso3

Summary				In	Importance	Status
	1610286	[MIR] libapache2-mod-auth-mellon, liblasso3		libapache2-mod-auth-mellon (Ubuntu)	Medium	Fix Released
	1610286	[MIR] libapache2-mod-auth-mellon, liblasso3		lasso (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-0050

Related bugs and status

Related bugs

References