
openssl: multiple vulnerabilities

Package(s): openssl
CVE #(s): CVE-2008-0891 CVE-2008-1672
Created: May 29, 2008
Updated: January 8, 2009
Description: From the Mandriva alert:

Testing using the Codenomicon TLS test suite discovered a flaw in the handling of server name extension data in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause a crash. (CVE-2008-0891)

Testing using the Codenomicon TLS test suite discovered a flaw if the 'Server Key exchange message' is omitted from a TLS handshake in OpenSSL 0.9.8f and OpenSSL 0.9.8g. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash. (CVE-2008-1672)

Alerts:
Fedora FEDORA-2009-0325 openssl 2009-01-08
Slackware SSA:2008-210-08 openssl 2008-07-29
Ubuntu USN-620-1 openssl 2008-06-26
Gentoo 200806-08 openssl 2008-06-23
rPath rPSA-2008-0181-1 openssl 2008-06-02
Fedora FEDORA-2008-4723 openssl 2008-05-30
Mandriva MDVSA-2008:107 openssl 2008-05-28



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds