CVE-2009-0050
Published: 7 January 2009
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Priority
Status
Package | Release | Status |
---|---|---|
lasso Launchpad, Ubuntu, Debian |
dapper |
Released
(0.6.3-4ubuntu1.1)
|
gutsy |
Released
(2.0.0-1ubuntu1.1)
|
|
hardy |
Released
(2.1.1-2ubuntu1.1)
|
|
intrepid |
Released
(2.2.0-1ubuntu0.1)
|
|
upstream |
Released
(2.2.1-2)
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/+source/lasso/+bug/317181 |