CVE-2015-0291 in Ubuntu

CVE-2015-0291

Priority

High

Description

The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) by using an invalid signature_algorithms
extension in the ClientHello message during a renegotiation.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291

Notes

mdeslaur> 1.0.2 only

Package

Source: openssl098 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected

Package

Source: openssl (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-14 20:04:01 UTC (commit 13907)