CVE-2012-2333

Priority
Medium
Description
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1
before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption,
allows remote attackers to cause a denial of service (buffer over-read) or
possibly have unspecified other impact via a crafted TLS packet that is not
properly handled during a certain explicit IV calculation.
Assigned-to
sbeattie
Package
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): released (0.9.8o-7ubuntu3.2)
Ubuntu 13.10 (Saucy Salamander): released (0.9.8o-7ubuntu3.2.13.10.1)
Ubuntu 14.04 LTS (Trusty Tahr): released (0.9.8o-7ubuntu3.2.14.04.1)
Ubuntu 14.10 (Utopic Unicorn): released (0.9.8o-7ubuntu4)
Package
Upstream: released (1.0.1c-1)
Ubuntu 10.04 LTS (Lucid Lynx): released (0.9.8k-7ubuntu8.13)
Ubuntu 12.04 LTS (Precise Pangolin): released (1.0.1-4ubuntu5.2)
Ubuntu 13.10 (Saucy Salamander): released (1.0.1-4ubuntu6)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.0.1-4ubuntu6)
Ubuntu 14.10 (Utopic Unicorn): released (1.0.1-4ubuntu6)
Patches:
Vendor: http://www.debian.org/security/2012/dsa-2475

Updated: 2014-07-02 16:14:34 UTC (commit 8198)