CVE-2012-2333

Priority
Medium
Description
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1
before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption,
allows remote attackers to cause a denial of service (buffer over-read) or
possibly have unspecified other impact via a crafted TLS packet that is not
properly handled during a certain explicit IV calculation.
References
Assigned-to
sbeattie
Package
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 12.10 (Quantal Quetzal): needed
Ubuntu 13.10 (Saucy Salamander): needed
Ubuntu 14.04 LTS (Trusty Tahr): needed
Package
Upstream: released (1.0.1c-1)
Ubuntu 10.04 LTS (Lucid Lynx): released (0.9.8k-7ubuntu8.13)
Ubuntu 12.04 LTS (Precise Pangolin): released (1.0.1-4ubuntu5.2)
Ubuntu 12.10 (Quantal Quetzal): released (1.0.1-4ubuntu6)
Ubuntu 13.10 (Saucy Salamander): released (1.0.1-4ubuntu6)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.0.1-4ubuntu6)
Patches:
Vendor: http://www.debian.org/security/2012/dsa-2475

Updated: 2014-04-18 13:15:58 UTC (commit 7949)