Gentoo's Bugzilla – Attachment 97994 Details for Bug 148654: dev-libs/openssl Public keys DoS (CVE-2006-2940)
openssl-CVE-2006-2937.patch (text/plain), 1.11 KB, created by Sune Kloppenborg Jeppesen (RETIRED) on 2006-09-24 22:30:18 UTC
>Dr S N Henson of the OpenSSL core team and Open Network Security >recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When >the test suite was run against OpenSSL two denial of service >vulnerabilities were discovered. > >During the parsing of certain invalid ASN1 structures an error >condition is mishandled. This can result in an infinite loop which >consumes system memory. CVE-2006-2938 > >Any code which uses OpenSSL to parse ASN1 data from untrusted sources is >affected. This includes SSL servers which enable client authentication >and S/MIME applications. > >This issue affects 0.9.7 and 0.9.8 but not 0.9.6 and earlier > >diff -ur -x CVS openssl8/crypto/asn1/tasn_dec.c ossl8/crypto/asn1/tasn_dec.c >--- crypto/asn1/tasn_dec.c 2006-08-31 21:08:20.000000000 +0100 >+++ crypto/asn1/tasn_dec.c 2006-08-31 21:38:19.000000000 +0100 >@@ -832,6 +832,9 @@ > } > else if (ret == -1) > return -1; >+ >+ ret = 0; >+ > /* SEQUENCE, SET and "OTHER" are left in encoded form */ > if ((utype == V_ASN1_SEQUENCE) > || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) > >
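Review bot: The `ret = 0;` added after the `else if (ret == -1) return -1;` branch has no comment, so a reader cannot tell which later path relies on the reset. The message says an error condition is mishandled and can lead to an infinite loop that consumes memory; a one-line comment above the assignment naming that condition (for example, that `ret` must not keep the value left by the check above once the SEQUENCE/SET/OTHER handling starts) would keep the line from being removed later as dead code. The identifiers also disagree: the attachment is named for CVE-2006-2937, the message cites CVE-2006-2938, and the bug title gives CVE-2006-2940, so the description should state which CVE this hunk addresses.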