Gentoo's Bugzilla – Attachment 154343 Details for Bug 223429: dev-libs/openssl >=0.9.8f <0.9.8g-r2 Denial of Service vulnerabilities (CVE-2008-0891, CVE-2008-1672)
openssl-0.9.8g-CVE-2008-1672.patch (text/plain), 1.52 KB, created by Robert Buchholz (RETIRED) on 2008-05-26 11:13:20 UTC
>Index: CHANGES >=================================================================== >RCS file: /e/openssl/cvs/openssl/CHANGES,v >retrieving revision 1.1238.2.86 >diff -u -r1.1238.2.86 CHANGES >--- CHANGES 28 Feb 2008 13:35:58 -0000 1.1238.2.86 >+++ CHANGES 22 May 2008 09:19:30 -0000 >@@ -4,6 +4,10 @@ > > Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] > >+ *) Fix flaw if 'Server Key exchange message' is omitted from a TLS >+ handshake which could lead to a cilent crash as found using the >+ Codenomicon TLS test suite (CVE-2008-1672) [Steve Henson, Mark Cox] >+ > *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() > to get the expected BN_FLG_CONSTTIME behavior. > [Bodo Moeller (Google)] >Index: ssl/s3_clnt.c >=================================================================== >RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v >retrieving revision 1.88.2.12 >diff -u -r1.88.2.12 s3_clnt.c >--- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000 1.88.2.12 >+++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000 >@@ -2061,6 +2061,13 @@ > { > DH *dh_srvr,*dh_clnt; > >+ if (s->session->sess_cert == NULL) >+ { >+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); >+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); >+ goto err; >+ } >+ > if (s->session->sess_cert->peer_dh_tmp != NULL) > dh_srvr=s->session->sess_cert->peer_dh_tmp; > else
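Review bot: In the new CHANGES entry, "cilent crash" should read "client crash". The entry also does not say which key exchange is affected, while the accompanying check in ssl/s3_clnt.c sits in the block that declares `DH *dh_srvr,*dh_clnt`; naming that case in the entry would help readers judge whether their configuration is exposed.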
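Review bot: The `s->session->sess_cert == NULL` check added at the top of the DH block in ssl/s3_clnt.c guards only the `s->session->sess_cert->peer_dh_tmp` dereference that follows it, and the hunk does not show whether other key-exchange branches of the same function read `sess_cert` without a guard. Please confirm those paths are covered, or hoist the check so it runs before any branch touches `sess_cert`. A short comment above the check stating that `sess_cert` is NULL when the server omitted the Server Key Exchange message would also explain why `SSL_AD_UNEXPECTED_MESSAGE` is the chosen alert.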
Attachments on bug 223429: 154341 | 154343