[Pkg-openssl-devel] Bug#645805: Potential DTLS crasher bug
Florian Weimer
fw at deneb.enyo.de
Tue Oct 18 18:24:30 UTC 2011
Package: libssl0.9.8
Version: 0.9.8o-4squeeze3
It seems that there's a remotely triggerable OPENSSL_assert() in the
DTLS code:
| The reception of incomplete or incorrectly formatted DTLS fragments
| is handled with an OPENSSL_assert(), causing the program to exit
| rather then just terminating the connection. This patch exchanges
| the asserts with unexpected message and illegal parameter alerts.
<http://rt.openssl.org/Ticket/Display.html?id=2625&user=guest&pass=guest>
I don't know how functional the DTLS code in squeeze is, perhaps it's
necessary to fix this there, too.
More information about the Pkg-openssl-devel
mailing list