[CVE-2008-0891, CVE-2008-1672] OpenSSL denial of service vulnerabilities (crashes)

Reported by Alexander Konovalenko on 2008-05-30
Affects: openssl (Ubuntu) | Importance: Undecided | Assigned to: Unassigned
Affects: Hardy | Importance: Undecided | Assigned to: Jamie Strandboge

Bug Description

Binary package hint: openssl

CVE-2008-0891 description:

"Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a crafted packet. NOTE: some of these details are obtained from third party information."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891

CVE-2008-1672 description:

"OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses 'particular cipher suites.'"

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672

Upstream advisory: http://www.openssl.org/news/secadv_20080528.txt

Does this apply to Hardy?

Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. This was fixed in 0.9.8g-10.1, and Intrepid now has 0.9.8g-10.1ubuntu1.

Changed in openssl:
status: New → Fix Released
Jamie Strandboge (jdstrand) wrote :

Hardy is not affected by CVE-2008-1672, because it is not compiled with enable-tlsext (this change was introduced in 0.9.8g-5).

Changed in openssl:
assignee: nobody → jdstrand
status: New → In Progress
Changed in openssl:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 0.9.8g-4ubuntu3.3

---------------
openssl (0.9.8g-4ubuntu3.3) hardy-security; urgency=low

  * SECURITY UPDATE: fix denial of service when 'Server Key exchange message'
    is omitted from a TLS handshake
  * ssl/s3_clnt.c: make sure s->session->sess_cert is not NULL
  * SECURITY UPDATE: fix denial of service when using tlsext. Note that
    this version of openssl does not use tlsext by default.
  * ssl/t1_lib.c: make sure s->session->tlsext_hostname is set to NULL to
    prevent double free.
  * References
    CVE-2008-1672
    CVE-2008-0891
    LP: #235913

 -- Jamie Strandboge <email address hidden> Thu, 19 Jun 2008 14:35:20 -0400

Changed in openssl:
status: Fix Committed → Fix Released