Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server
name extensions are enabled, allows remote attackers to cause a denial of
service (crash) via a malformed Client Hello packet. NOTE: some of these
details are obtained from third party information.
kees> I don't think we're compile with this option at all?
jdstrand> tlsext not enabled until 0.9.8g-5, so this is negligible on hardy
Updated: 2016-03-23 03:30:45 UTC (commit 10817)