Fwd: openssl overflow

To: debian-security@lists.debian.org
Subject: Fwd: openssl overflow
From: suneo135@mail.goo.ne.jp
Date: 13 Aug 2002 10:51:52 +0900
Message-id: <[🔎] 20020813015152.96764.qmail@mail.goo.ne.jp>

Forwarded by suneo135

-------- Forwarded Message ---------



Package:openssl 
Version:0.9.6c-2 
Severity:critical 

Openssl 0.9.6f changes 

Changes between 0.9.6e and 0.9.6f [8 Aug 2002] 

*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX 
and get fix the header length calculation. 
[Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>, 
Alon Kantor <alonk@checkpoint.com> (and others), 
Steve Henson] 

*) Use proper error handling instead of \\\'assertions\\\' in buffer 
overflow checks added in 0.9.6e. This prevents DoS (the 
assertions could call abort()). 
[Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller] 

Probably it is this pathc. 

http://marc.theaimsgroup.com/?l=openssl-cvs&m=102831422608153&w=2 

other 

http://rhn.redhat.com/errata/RHSA-2002-160.html 
 

 




--------- End of Forwarded Message ---------

Reply to:

Prev by Date: Re: Email Virus Scanner
Next by Date: Re: SubRPC vulnerability: is Debian libc6 affected?
Previous by thread: Re: Email Virus Scanner
Next by thread: opie: configuring server to use particular hash
Index(es):
- Date
- Thread