CVE-2013-6450

Priority
Medium
Description
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and
1.0.1 before 1.0.1f does not properly maintain data structures for digest
and encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context and cause a denial of service
(application crash) by interfering with packet delivery, related to
ssl/d1_both.c and ssl/t1_enc.c.
References
Notes
mdeslaur> only affects 1.0.0+
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): not-affected
Ubuntu 12.04 LTS (Precise Pangolin): released (1.0.1-4ubuntu5.11)
Ubuntu 12.10 (Quantal Quetzal): released (1.0.1c-3ubuntu2.6)
Ubuntu 13.10 (Saucy Salamander): released (1.0.1e-3ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (1.0.1f-1ubuntu1)
Patches:
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a6c62f0c25a756c263a80ce52afbae888028e986 (1.0.1)
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=34628967f1e65dc8f34e000f0f5518e21afbfc7b (1.0.1)
Upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3dcc8411e518fb0835c7d72df4a58718205260d (regression? 1.0.1)
More Information

Updated: 2014-01-30 14:14:56 UTC (commit 7694)