CVE-2008-1672

Published: 29 May 2008

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

Priority

Status

Package	Release	Status
openssl Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	feisty	Not vulnerable
	gutsy	Not vulnerable
	hardy	Released (0.9.8g-4ubuntu3.3)
	upstream	Released (0.9.8g-10.1)

References

http://www.openssl.org/news/secadv_20080528.txt
https://ubuntu.com/security/notices/USN-620-1
https://www.cve.org/CVERecord?id=CVE-2008-1672
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/bugs/235913

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›