Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server
name extensions are enabled, allows remote attackers to cause a denial of
service (crash) via a malformed Client Hello packet. NOTE: some of these
details are obtained from third party information.
kees> I don't think we're compile with this option at all?
jdstrand> tlsext not enabled until 0.9.8g-5, so this is negligible on hardy
Updated: 2015-10-17 03:29:34 UTC (commit 10086)