[Pkg-openssl-devel] Bug#539449: openssl: vulnerable to null character certificate spoofing
Michael S. Gilbert
michael.s.gilbert at gmail.com
Fri Jul 31 23:00:11 UTC 2009
package: openssl
version: 0.9.8
severity: important
tags: security
it has been disclosed that ssl applications can be tricked via
inauthentic certificates containing null characters [0]. i have not
personally checked whether openssl is affected by this, but since this
is newly disclosed, it is very likely the case. please check and fix
if need be. thanks.
More information about the Pkg-openssl-devel
mailing list