Bug 138365 - CAN-2004-0081 missing from OpenSSL096b compatibility package
Product: Fedora
Classification: Fedora
Component: openssl096b
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Tomas Mraz
Keywords: Security
Reported: 2004-11-08 11:34 EST by Mark J. Cox
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2005-02-02 09:39:44 EST

Description Mark J. Cox 2004-11-08 11:34:51 EST
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message
types, which allows remote attackers to cause a denial of service
(infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

During an audit of FC3 security issues, the Red Hat security team
discovered that the fix for CAN-2004-0081 is missing from OpenSSL096b.
This does not present a large risk due to the use of this
compatibility package.
Comment 2 Tomas Mraz 2005-02-02 09:39:44 EST
Fixed in openssl096b-0.9.6b-20 and -21 for FC2/FC3.
