Ubuntu
openssl package

Upstream patch for OpenSSL race condition

Bug #676243 reported by Tod on 2010-11-16

8

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openssl (Ubuntu)	Fix Released	High	Steve Beattie

Bug Description

Binary package hint: openssl

See details here:

http://openssl.org/news/secadv_20101116.txt

CVE-2010-3864

In fact, just attaching that as a patch.

Tags:

Related branches

lp:ubuntu/natty/openssl

lp:ubuntu/hardy-updates/openssl

lp:ubuntu/karmic-updates/openssl

lp:ubuntu/lucid-security/openssl

CVE References

2010-3864

Revision history for this message

Tod (todb) wrote on 2010-11-16:

#1

Patch for CVE-2010-3864 Edit (7.0 KiB, text/plain)

Steve Beattie (sbeattie) on 2010-11-16

Changed in openssl (Ubuntu):
assignee:	nobody → Steve Beattie (sbeattie)
status:	New → In Progress
importance:	Undecided → High

Jamie Strandboge (jdstrand) on 2010-11-16

Changed in openssl (Ubuntu):
importance:	High → Undecided
importance:	Undecided → High

Brian Murray (brian-murray) on 2010-11-17

tags:

added: patch

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-11-18:

#2

This bug was fixed in the package openssl - 0.9.8g-4ubuntu3.12

---------------
openssl (0.9.8g-4ubuntu3.12) hardy-security; urgency=low

  * SECURITY UPDATE: TLS race condition leading to a buffer overflow and
    possible code execution. (LP: #676243)
    - ssl/t1_lib.c: stricter NULL/not-NULL checking
    - http://openssl.org/news/secadv_20101116.txt
    - CVE-2010-3864
-- Steve Beattie <email address hidden> Wed, 17 Nov 2010 09:02:39 -0800

Changed in openssl (Ubuntu):
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Patch for CVE-2010-3864 Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.