LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for September 4, 2008

The Kernel Hacker's Bookshelf: UNIX Internals

DRI, BSD, and Linux

SCHED_FIFO and realtime throttling

LWN.net Weekly Edition for August 28, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

openssl: vulnerabilities in ASN.1 code

Package(s):openssl CVE #(s):CAN-2003-0543 CAN-2003-0544 CAN-2003-0545
Created:September 30, 2003 Updated:November 4, 2003
Description: Vulnerabilities have been found in OpenSSL ASN.1 code. This advisory contains details of 4 separate problems in versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay.

An attack against other applications that use OpenSSL could result in a Denial of Service. See CAN-2003-0543 and CAN-2003-0544.

It may be possible for an attacker to exploit this issue to execute arbitrary code. See CAN-2003-0545.

CERT has an updated OpenSSL advisory identifying additional OpenSSL vulnerabilities.

Alerts:
EnGarde ESA-20031104-029 2003-11-04
Debian DSA-394-1 2003-10-11
Conectiva CLA-2003:759 2003-10-03
EnGarde ESA-20031003-028 2003-10-03
Tawie 2003-0001 2003-10-02
SuSE SuSE-SA:2003:043 2003-10-01
Slackware SSA:2003-273-01 2003-09-30
Mandrake MDKSA-2003:098 2003-09-30
Gentoo 200309-19 2003-10-01
Debian DSA-393-1 2003-10-01
Conectiva CLA-2003:751 2003-09-30
EnGarde ESA-20030930-027 2003-09-30
Immunix IMNX-2003-7+-022-01 2003-09-29
OpenPKG OpenPKG-SA-2003.044 2003-09-30
Red Hat RHSA-2003:292-01 2003-09-30
Red Hat RHSA-2003:291-01 2003-09-30
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds