[Pkg-openssl-devel] Bug#522002: openssl: CVE-2009-0590 denial of service

Michael S. Gilbert michael.s.gilbert at gmail.com
Tue Mar 31 04:03:42 UTC 2009


Package: openssl
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for openssl.

CVE-2009-0590[0]:
  The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows
  remote attackers to cause a denial of service (invalid memory access
  and application crash) via vectors that trigger printing of a (1)
  BMPString or (2) UniversalString with an invalid encoded length.

This was just fixed in Ubuntu [1].  Please coordinate with the
security team to release fixes for the stable releases.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
    http://security-tracker.debian.net/tracker/CVE-2009-0590
[1] http://www.ubuntu.com/usn/usn-750-1
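The condition the CVE text describes is a BMPString or UniversalString whose encoded length is not a multiple of its character width (2 bytes for BMPString, 4 for UniversalString), so a printer that walks the buffer in whole characters reads past its end. The decoder below is an added illustration written for this report, not code from OpenSSL or from the reporter; the tag numbers and the function name are assumptions, and the validation is the check a safe decoder performs before touching the bytes.

```c
#include <stddef.h>
#include <stdint.h>

/* ASN.1 universal tag numbers for the two string types the CVE names
 * (assumed from X.680; constructed for this example). */
#define TAG_BMPSTRING       30
#define TAG_UNIVERSALSTRING 28

/* Decode a BMPString (2-byte, big-endian) or UniversalString (4-byte,
 * big-endian) body into code points.  Returns the number of code points
 * written, or -1 when the encoded length is not a whole number of
 * characters, when the output buffer is too small, or when the tag is
 * not one of the two wide string types.  Rejecting a length that is not
 * a multiple of the character width is exactly the check whose absence
 * the CVE description attributes the invalid memory access to. */
int decode_wide_string(int tag, const unsigned char *data, size_t len,
                       uint32_t *out, size_t out_max)
{
    size_t width;

    if (tag == TAG_BMPSTRING)
        width = 2;
    else if (tag == TAG_UNIVERSALSTRING)
        width = 4;
    else
        return -1;

    if (len % width != 0)        /* trailing partial character: reject */
        return -1;
    if (len / width > out_max)   /* would overflow the caller's buffer */
        return -1;

    size_t n = 0;
    for (size_t i = 0; i < len; i += width, n++) {
        uint32_t c = 0;
        for (size_t j = 0; j < width; j++)
            c = (c << 8) | data[i + j];   /* stays within [i, i+width) */
        out[n] = c;
    }
    return (int)n;
}
```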
