CVE-2008-1678
Published: 10 July 2008
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
Notes
Author | Note |
---|---|
kees | this was fixed via SRU in hardy prior to getting a CVE. |
mdeslaur | bug 224945 says gutsy is also affected. |
Priority
Status
Package | Release | Status |
---|---|---|
apache2 | upstream | Released |
apache2 | dapper | Not vulnerable |
apache2 | feisty | Not vulnerable |
apache2 | gutsy | Released (2.2.4-3ubuntu0.2) |
apache2 | hardy | Released (2.2.8-1ubuntu0.3) |
apache2 | intrepid | Not vulnerable |

Patches: upstream: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?r1=654119&r2=654118&pathrev=654119