To all,

Not sure if we're affected, but see below for email details.

Regards,
Mark

On 05/02/2014 09:30 AM, Marc Deslauriers wrote:
Hello,
A null pointer dereference bug was discovered in so_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service.
http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/lib/libssl?id=e76e3...
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig
Could a CVE please be assigned to this issue?
Thanks,
Marc.

I think getting this one a CVE is time critical. Mitre: sorry if this causes a duplicate, but I'm assigning a CVE now.

Please use CVE-2014-0198 for this issue.

Also cc'ing Theo so OpenBSD gets notified for sure. Speaking of which Theo: should we get you or an OpenBSD deputy (Bob Beck?) onto distros@?

--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993