CVE-2008-0891

Priority
Low
Description
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server
name extensions are enabled, allows remote attackers to cause a denial of
service (crash) via a malformed Client Hello packet. NOTE: some of these
details are obtained from third party information.
References
Bugs
Notes
 kees> I don't think we're compile with this option at all?
 jdstrand> tlsext not enabled until 0.9.8g-5, so this is negligible on hardy
Package
Upstream:released (0.9.8g-10.1)
More Information

Updated: 2016-03-23 03:30:45 UTC (commit 10817)