Upstream patch for OpenSSL race condition

Bug #676243 reported by Tod on 2010-11-16
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
High
Steve Beattie

Bug Description

Binary package hint: openssl

See details here:

http://openssl.org/news/secadv_20101116.txt

CVE-2010-3864

In fact, just attaching that as a patch.

Tod (todb) wrote :
Steve Beattie (sbeattie) on 2010-11-16
Changed in openssl (Ubuntu):
assignee: nobody → Steve Beattie (sbeattie)
status: New → In Progress
importance: Undecided → High
Changed in openssl (Ubuntu):
importance: High → Undecided
importance: Undecided → High
tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 0.9.8g-4ubuntu3.12

---------------
openssl (0.9.8g-4ubuntu3.12) hardy-security; urgency=low

  * SECURITY UPDATE: TLS race condition leading to a buffer overflow and
    possible code execution. (LP: #676243)
    - ssl/t1_lib.c: stricter NULL/not-NULL checking
    - http://openssl.org/news/secadv_20101116.txt
    - CVE-2010-3864
 -- Steve Beattie <email address hidden> Wed, 17 Nov 2010 09:02:39 -0800

Changed in openssl (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers