PublicDate: 2006-09-05 17:04:00 UTC
Candidate: CVE-2006-4339
References:
 https://ubuntu.com/security/notices/USN-339-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
Description:
 OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when
 using an RSA key with exponent 3, removes PKCS-1 padding before generating
 a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature
 that is signed by that RSA key and prevents OpenSSL from correctly
 verifying X.509 and other certificates that use PKCS #1.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_openssl097: released (0.9.7g-5ubuntu1.1)
edgy_openssl097: released (0.9.7k-3)
feisty_openssl097: released (0.9.7k-3)
devel_openssl097: released (0.9.7k-3)
dapper_openssl: released (0.9.8a-7ubuntu0.3)
edgy_openssl: released (0.9.8b-2ubuntu2)
feisty_openssl: released (0.9.8b-2ubuntu2)
devel_openssl: released (0.9.8b-2ubuntu2)
upstream_openssl: needs-triage
upstream_openssl097: needs-triage