*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: openssl

CVE-2008-0891 description:

"Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS
server name extensions are enabled, allows remote attackers to cause a
denial of service (crash) via a crafted packet. NOTE: some of these
details are obtained from third party information."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891

CVE-2008-1672 description:

"OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of
service (crash) via a TLS handshake that omits the Server Key Exchange
message and uses "particular cipher suites." "

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672

Upstream advisory: http://www.openssl.org/news/secadv_20080528.txt

Does this apply to Hardy?

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0891

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1672

-- 
[CVE-2008-0891, CVE-2008-1672] OpenSSL denial of service vulnerabilities 
(crashes)
https://bugs.launchpad.net/bugs/235913
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
