Ubuntu
openssl097 package

  1. Gutsy (7.10)
  2. Bug #146269
  3. Comment #11

Comment 11 for bug 146269

Revision history for this message
Kees Cook (kees) wrote :

openssl (0.9.8e-5ubuntu2) gutsy; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: off-by-one error in SSL_get_shared_ciphers() results in
    buffer overflow
  * ssl/ssl_lib.c: applied upstream patch from openssl CVS thanks to
    Stephan Hermann
  * References:
    CVE-2007-5135
    http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
    Fixes LP: #146269
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

  [ Kees Cook ]
  * SECURITY UPDATE: side-channel attacks via BN_from_montgomery function.
  * crypto/bn/bn_mont.c: upstream patch from openssl CVS thanks to Debian.
  * References
    CVE-2007-3108

 -- Kees Cook <email address hidden> Fri, 28 Sep 2007 13:02:19 -0700