[Pkg-openssl-devel] Bug#575433: openssl: OpenSSL does not check for a NULL return value from bn_wexpand function calls
A. Maitland Bottoms
bottoms at debian.org
Thu Mar 25 18:45:41 UTC 2010
Package: openssl
Version: 0.9.8g-15+lenny6
Tags: lenny,security,patch
This bug report is based upon CVE-2009-3245
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which
has unspecified impact and context-dependent attack vectors.
http://security-tracker.debian.org/tracker/CVE-2009-3245
While the security-tracker includes a "Minor issue" comment in the notes, the CVE
states "NVD severity high (attack range: remote)" so perhaps there should
be a security update for the version in Debian stable.
The upstream fixes are available, visible from
http://cvs.openssl.org/chngview?cn=19309
and that changeset applies cleanly to the .c files in the stable
Debian 0.9.8g-15+lenny6 source. And is attached to this message.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssl_patchset_19309.diff
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20100325/0c718a64/attachment.txt>
More information about the Pkg-openssl-devel
mailing list