* SECURITY UPDATE: denial of service and possible code execution via
unchecked bn_wexpand return values. (LP: #655884)
- crypto/bn/{bn_mul,bn_div,bn_gf2m}.c, crypto/ec/ec2_smpl.c,
engines/e_ubsec.c: check return values.
- http://cvs.openssl.org/chngview?cn=18936
- http://cvs.openssl.org/chngview?cn=19309
- CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
crafted private key with an invalid prime.
- ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
- http://<email address hidden>/msg28049.html
- CVE-2010-2939
-- Marc Deslauriers <email address hidden> Wed, 06 Oct 2010 17:38:20 -0400
This bug was fixed in the package openssl - 0.9.8g-16ubuntu3.3
--------------- 16ubuntu3. 3) karmic-security; urgency=low
openssl (0.9.8g-
* SECURITY UPDATE: denial of service and possible code execution via bn/{bn_ mul,bn_ div,bn_ gf2m}.c, crypto/ ec/ec2_ smpl.c, e_ubsec. c: check return values. cvs.openssl. org/chngview? cn=18936 cvs.openssl. org/chngview? cn=19309 /msg28049. html
unchecked bn_wexpand return values. (LP: #655884)
- crypto/
engines/
- http://
- http://
- CVE-2009-3245
* SECURITY UPDATE: denial of service and possible code execution via
crafted private key with an invalid prime.
- ssl/s3_clnt.c: set bn_ctx to NULL after freeing it.
- http://<email address hidden>
- CVE-2010-2939
-- Marc Deslauriers <email address hidden> Wed, 06 Oct 2010 17:38:20 -0400