Fwd: openssl overflow
Forwarded by suneo135
-------- Forwarded Message ---------
Package:openssl
Version:0.9.6c-2
Severity:critical
Openssl 0.9.6f changes
Changes between 0.9.6e and 0.9.6f [8 Aug 2002]
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
and get fix the header length calculation.
[Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
Alon Kantor <alonk@checkpoint.com> (and others),
Steve Henson]
*) Use proper error handling instead of \\\'assertions\\\' in buffer
overflow checks added in 0.9.6e. This prevents DoS (the
assertions could call abort()).
[Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
Probably it is this pathc.
http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831422608153&w=2
other
http://rhn.redhat.com/errata/RHSA-2002-160.html
--------- End of Forwarded Message ---------
Reply to: