CVE-2011-4576
Priority
Low
Description
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f
does not properly initialize data structures for block cipher padding,
which might allow remote attackers to obtain sensitive information by
decrypting the padding data sent by an SSL peer.
does not properly initialize data structures for block cipher padding,
which might allow remote attackers to obtain sensitive information by
decrypting the padding data sent by an SSL peer.
References
Assigned-to
sbeattie
Package
| Upstream: | released (0.9.8s) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | released (0.9.8o-7ubuntu1.2) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (0.9.8o-7ubuntu3.1) |
Patches:
| Upstream: | http://cvs.openssl.org/chngview?cn=21929 |
Package
| Upstream: | released (0.9.8s,1.0.0f) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (0.9.8g-4ubuntu3.15) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (0.9.8k-7ubuntu8.8) |
| Ubuntu 11.04 (Natty Narwhal): | released (0.9.8o-5ubuntu1.2) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (1.0.0e-2ubuntu4.2) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (1.0.0g-1ubuntu1) |
Patches:
| Upstream: | http://cvs.openssl.org/chngview?cn=21940 |