CVE-2013-6449

Priority
Medium
Description
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.
References
Bugs
Notes
mdeslaur> only 1.0.1+
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): not-affected
Ubuntu 12.04 LTS (Precise Pangolin): released (1.0.1-4ubuntu5.11)
Ubuntu 12.10 (Quantal Quetzal): released (1.0.1c-3ubuntu2.6)
Ubuntu 13.04 (Raring Ringtail): released (1.0.1c-4ubuntu8.2)
Ubuntu 13.10 (Saucy Salamander): released (1.0.1e-3ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (1.0.1f-1ubuntu1)
Patches:
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0294b2be5f4c11e60620c0018674ff0e17b14238 (1.0.1)
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75 (1.0.1)
More Information

Updated: 2014-01-10 13:14:34 UTC (commit 7617)