CVE-2013-0166

Priority
Medium
Description
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does
not properly perform signature verification for OCSP responses, which
allows remote OCSP servers to cause a denial of service (NULL pointer
dereference and application crash) via an invalid key.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: released (0.9.8y)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 12.10 (Quantal Quetzal): needed
Ubuntu 13.04 (Raring Ringtail): ignored (reached end-of-life)
Ubuntu 13.10 (Saucy Salamander): needed
Ubuntu 14.04 LTS (Trusty Tahr): needed
Package
Upstream: released (0.9.8y, 1.0.0k, 1.0.1d)
Ubuntu 10.04 LTS (Lucid Lynx): released (0.9.8k-7ubuntu8.14)
Ubuntu 12.04 LTS (Precise Pangolin): released (1.0.1-4ubuntu5.6)
Ubuntu 12.10 (Quantal Quetzal): released (1.0.1c-3ubuntu2.1)
Ubuntu 13.04 (Raring Ringtail): released (1.0.1c-4ubuntu4)
Ubuntu 13.10 (Saucy Salamander): released (1.0.1c-4ubuntu4)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.0.1c-4ubuntu4)
Patches:
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=66e8211c0b1347970096e04b18aa52567c325200 (0.9.8)
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0 (1.0.0)
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7 (1.0.1)

Updated: 2014-01-27 19:16:00 UTC (commit 7690)