Upstream patch for OpenSSL race condition
Bug #676243 reported by
Tod
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Fix Released
|
High
|
Steve Beattie |
Bug Description
Binary package hint: openssl
See details here:
http://
CVE-2010-3864
In fact, just attaching that as a patch.
CVE References
Changed in openssl (Ubuntu): | |
assignee: | nobody → Steve Beattie (sbeattie) |
status: | New → In Progress |
importance: | Undecided → High |
Changed in openssl (Ubuntu): | |
importance: | High → Undecided |
importance: | Undecided → High |
tags: | added: patch |
To post a comment you must log in.
This bug was fixed in the package openssl - 0.9.8g-4ubuntu3.12
--------------- 4ubuntu3. 12) hardy-security; urgency=low
openssl (0.9.8g-
* SECURITY UPDATE: TLS race condition leading to a buffer overflow and openssl. org/news/ secadv_ 20101116. txt
possible code execution. (LP: #676243)
- ssl/t1_lib.c: stricter NULL/not-NULL checking
- http://
- CVE-2010-3864
-- Steve Beattie <email address hidden> Wed, 17 Nov 2010 09:02:39 -0800