CVE-2008-0891

Priority
Low
Description
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server
name extensions are enabled, allows remote attackers to cause a denial of
service (crash) via a malformed Client Hello packet. NOTE: some of these
details are obtained from third party information.
References
Bugs
Notes
kees> I don't think we're compile with this option at all?
jdstrand> tlsext not enabled until 0.9.8g-5, so this is negligible on hardy
Package
Upstream:released (0.9.8g-10.1)
Ubuntu 8.04 LTS (Hardy Heron):released (0.9.8g-4ubuntu3.3)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:18:36 UTC (commit 5347)