CVE-2008-0891

Priority
Low
Description
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server
name extensions are enabled, allows remote attackers to cause a denial of
service (crash) via a malformed Client Hello packet. NOTE: some of these
details are obtained from third party information.
References
Bugs
Notes
 kees> I don't think we're compile with this option at all?
 jdstrand> tlsext not enabled until 0.9.8g-5, so this is negligible on hardy
Package
Upstream:released (0.9.8g-10.1)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:32:01 UTC (commit 9756)