Ubuntu Security Notice 620-1 - It was discovered that OpenSSL was vulnerable to a double-free when using TLS server extensions. A remote attacker could send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL. Ubuntu 8.04 LTS does not compile TLS server extensions by default. It was discovered that OpenSSL could dereference a NULL pointer. If a user or automated system were tricked into connecting to a malicious server with particular cipher suites, a remote attacker could cause a denial of service via application crash.
72170722e776b145006331ae044204adfd085193899ab5cd2025bfbf47c1c984Gentoo Linux Security Advisory GLSA 200806-08 - Two vulnerabilities might allow for a Denial of Service of daemons using OpenSSL. Versions less than 0.9.8g-r2 are affected.
7664ad70235983374bbdbf815ae92110b1de95471cb80859ff163b65d1ddf4f3Mandriva Linux Security Advisory - Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause a crash. Testing using the Codenomicon TLS test suite discovered a flaw if the 'Server Key exchange message' is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash.
f38d910dc5c5925111a882ed8ce3f03bfbf1fe2151199af18fec14ecacb6b3f0OpenSSL Security Advisory - Two moderate severity security flaws have been fixed in OpenSSL 0.9.8h. Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. Testing using the Codenomicon TLS test suite discovered a flaw if the 'Server Key exchange message' is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g.
798bc0606364fec82629c9cbf4774497ca88fe671a7f59a54d0c210d236374c8OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
224e1ca3aeeda8acc72e5c48b34843904b9d585aaadb4d5a15524c25f6c6a1ce
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed