[Pkg-openssl-devel] Bug#522002: Bug#522002: openssl: CVE-2009-0590 denial of service
Kurt Roeckx
kurt at roeckx.be
Wed Apr 1 20:38:26 UTC 2009
On Wed, Apr 01, 2009 at 07:14:06PM +0200, Kurt Roeckx wrote:
> On Tue, Mar 31, 2009 at 12:03:42AM -0400, Michael S. Gilbert wrote:
> > Package: openssl
> > Severity: important
> > Tags: security
> >
> > Hi,
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for openssl.
> >
> > CVE-2009-0590[0]:
> > The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows
> > remote attackers to cause a denial of service (invalid memory access
> > and application crash) via vectors that trigger printing of a (1)
> > BMPString or (2) UniversalString with an invalid encoded length.
Hi,
I've put up packages for oldstable and stable at:
http://people.debian.org/~kroeckx/openssl/CVE-2009-0590/
I'll also upload version 0.9.8g-16 to unstable shortly.
Kurt
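
The CVE text quoted above concerns BMPString and UniversalString values with an invalid encoded length. BMPString characters are 2 bytes and UniversalString characters are 4 bytes, so a content length that is not a multiple of that width, or that runs past the buffer, is invalid. The following C check is an added example, not part of the original message and not OpenSSL's code; the function name and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define TAG_UNIVERSALSTRING 0x1C /* 4 bytes per character */
#define TAG_BMPSTRING       0x1E /* 2 bytes per character */

/* Return the character count of a BMPString/UniversalString TLV, or -1 if
 * the element is another type, is truncated, or its content length is not
 * a whole number of characters. */
long wide_string_chars(const unsigned char *der, size_t der_len)
{
    size_t pos = 2, content_len, width;
    if (der == NULL || der_len < 2)
        return -1;
    if (der[0] == TAG_BMPSTRING)
        width = 2;
    else if (der[0] == TAG_UNIVERSALSTRING)
        width = 4;
    else
        return -1;
    if (der[1] < 0x80) {             /* short-form length */
        content_len = der[1];
    } else {                         /* long form: next n bytes hold it */
        size_t n = der[1] & 0x7F;
        if (n == 0 || n > 3 || der_len - pos < n)
            return -1;
        for (content_len = 0; n > 0; n--)
            content_len = (content_len << 8) | der[pos++];
    }
    if (content_len > der_len - pos) /* content runs past the buffer */
        return -1;
    if (content_len % width != 0)    /* partial trailing character */
        return -1;
    return (long)(content_len / width);
}

/* Constructed sample encodings, not taken from the bug report. */
static const unsigned char good_bmp[]  = {0x1E, 0x04, 0x00, 'h', 0x00, 'i'};
static const unsigned char odd_bmp[]   = {0x1E, 0x03, 0x00, 'h', 0x00};
static const unsigned char bad_univ[]  = {0x1C, 0x06, 0, 0, 0, 'h', 0, 0};
static const unsigned char truncated[] = {0x1E, 0x08, 0x00, 'h'};

int main(void)
{
    printf("%ld %ld ", wide_string_chars(good_bmp, sizeof good_bmp),
           wide_string_chars(odd_bmp, sizeof odd_bmp));
    printf("%ld %ld\n", wide_string_chars(bad_univ, sizeof bad_univ),
           wide_string_chars(truncated, sizeof truncated));
    return 0;
}
```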