OpenSSL: Heap-Based Buffer Overflow Vulnerability

Users of OpenSSL, please be advised that a heap-based buffer overflow vulnerability has been identified.
To view this vulnerability, its possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

MDVSA-2010:238: [MDVSA-2010:238] openssl
Problem Description:

A vulnerability was discovered in openssl that causes a race condition within the TLS extension parsing code and which can be exploited to cause a heap-based buffer overflow (CVE-2010-3864).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
Read more at http://www.criticalwatch.com

 
