CVE-2011-4576

Priority
Low
Description
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f
does not properly initialize data structures for block cipher padding,
which might allow remote attackers to obtain sensitive information by
decrypting the padding data sent by an SSL peer.
References
Assigned-to
sbeattie
Package
Upstream:released (0.9.8s)
Ubuntu 12.04 LTS (Precise Pangolin):released (0.9.8o-7ubuntu3.1)
Patches:
Upstream:http://cvs.openssl.org/chngview?cn=21929
Package
Upstream:released (0.9.8s,1.0.0f)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.0.0g-1ubuntu1)
Patches:
Upstream:http://cvs.openssl.org/chngview?cn=21940
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:40:15 UTC (commit 9756)