[PLSA 2009-50] Openssl: Multiple Vulnerabilities
- Severity: 3
- Type: Remote
- Release Date: 2009-04-09
Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
1) An error exists in the "ASN1_STRING_print_ex()" function when printing "BMPString" or "UniversalString" strings. This can be exploited to trigger an access to invalid memory and cause a crash via an illegal encoded string length
when e.g. printing the contents of a certificate.
2) The "CMS_verify()" function incorrectly handles an error condition when processing malformed signed attributes. This can be exploited to trick an application into considering a malformed set of signed attributes valid and skip further checks.
3) An error when processing malformed ASN1 structures can be exploited to trigger an access to invalid memory and cause a crash via a specially crafted certificate.
- openssl, all before 0.9.8k-20-7
There are update(s) for openssl. You can update them via Package Manager or with a single command from console:
pisi up openssl