Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 14 Apr 2014 11:27:21 -0400 (EDT)
From: cve-assign@...re.org
To: sbauer@....utah.edu
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Use-after-free race condition,in OpenSSL's read buffer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://www.openbsd.org/errata55.html#004_openssl
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
> http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup
> http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
> https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
> https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest
> 
> (not yet available at
> http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/s3_pkt.c;hb=701134320a94908d8c0ac513741cab41e215a7b5
> line 1337)

Use CVE-2010-5298.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTS/3RAAoJEKllVAevmvmsSDcH/0yHd90E4aJfKbtlsIBfOi8p
+XIdUtbWsYhFu97QjjubRkRO4KnRRmZJrygLcFN1XGJW80px8JZBqT1OW/vHSAwh
rHaBLqEjl8z5MU41rlqSwnzjA17kG3pPvltOu8kYqiBEKn32YSMwU4ZCIYpa6+Sb
LCiOM8iu5DX3VZrIjk4U/iStgOlxNs4i8Jv2xHy3oPSTspaO46LeeygTz6k9hlGr
qk1Aek9gxr+FNk7MJ1kHsct3IUFq67TIBSgc3H7k/ucwOxh1VxfxVxsHgrgj0+N5
4/8b3ZoLsNN1UY91KW/qcRJfCsC9XEI7NqDF/uTJKJX74DRBqMeOYG4YtAXECLs=
=mxUa
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ