CVE-2011-4576

Priority
Low
Description
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f
does not properly initialize data structures for block cipher padding,
which might allow remote attackers to obtain sensitive information by
decrypting the padding data sent by an SSL peer.
References
Assigned-to
sbeattie
Package
Upstream: released (0.9.8s)
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): DNE
Ubuntu 11.10 (Oneiric Ocelot): released (0.9.8o-7ubuntu1.2)
Ubuntu 12.04 LTS (Precise Pangolin): released (0.9.8o-7ubuntu3.1)
Patches:
Upstream: http://cvs.openssl.org/chngview?cn=21929
Package
Upstream: released (0.9.8s,1.0.0f)
Ubuntu 8.04 LTS (Hardy Heron): released (0.9.8g-4ubuntu3.15)
Ubuntu 10.04 LTS (Lucid Lynx): released (0.9.8k-7ubuntu8.8)
Ubuntu 11.04 (Natty Narwhal): released (0.9.8o-5ubuntu1.2)
Ubuntu 11.10 (Oneiric Ocelot): released (1.0.0e-2ubuntu4.2)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (1.0.0g-1ubuntu1)
Patches:
Upstream: http://cvs.openssl.org/chngview?cn=21940
More Information

Updated: 2012-06-01 15:22:34 UTC (commit 5347)