Ubuntu
openssl package

  1. Bug #235913
  2. Comment #4

Comment 4 for bug 235913

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 0.9.8g-4ubuntu3.3

---------------
openssl (0.9.8g-4ubuntu3.3) hardy-security; urgency=low

  * SECURITY UPDATE: fix denial of service when 'Server Key exchange message'
    is omitted from a TLS handshake
  * ssl/s3_clnt.c: make sure s->session->sess_cert is not NULL
  * SECURITY UPDATE: fix denial of service when using tlsext. Note that
    this version of openssl does not use tlsext by default.
  * ssl/t1_lib.c: make sure s->session->tlsext_hostname is set to NULL to
    prevent double free.
  * References
    CVE-2008-1672
    CVE-2008-0891
    LP: #235913

 -- Jamie Strandboge <email address hidden> Thu, 19 Jun 2008 14:35:20 -0400