CVE-2012-2333
Priority
Medium
Description
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1
before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption,
allows remote attackers to cause a denial of service (buffer over-read) or
possibly have unspecified other impact via a crafted TLS packet that is not
properly handled during a certain explicit IV calculation.
before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption,
allows remote attackers to cause a denial of service (buffer over-read) or
possibly have unspecified other impact via a crafted TLS packet that is not
properly handled during a certain explicit IV calculation.
References
Assigned-to
sbeattie
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | needed |
| Ubuntu 12.10 (Quantal Quetzal): | needed |
| Ubuntu 13.04 (Raring Ringtail): | needed |
| Ubuntu 13.10 (Saucy Salamander): | needed |
Package
| Upstream: | released (1.0.1c-1) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (0.9.8g-4ubuntu3.19) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (0.9.8k-7ubuntu8.13) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (1.0.0e-2ubuntu4.6) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (1.0.1-4ubuntu5.2) |
| Ubuntu 12.10 (Quantal Quetzal): | released (1.0.1-4ubuntu6) |
| Ubuntu 13.04 (Raring Ringtail): | released (1.0.1-4ubuntu6) |
| Ubuntu 13.10 (Saucy Salamander): | released (1.0.1-4ubuntu6) |
Patches:
| Vendor: | http://www.debian.org/security/2012/dsa-2475 |