CVE-2010-3864

Publication date 17 November 2010

Last updated 24 July 2024

Ubuntu priority

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
openssl	10.10 maverick	Fixed 0.9.8o-1ubuntu4.2
	10.04 LTS lucid	Fixed 0.9.8k-7ubuntu8.4
	9.10 karmic	Fixed 0.9.8g-16ubuntu3.4
	8.04 LTS hardy	Fixed 0.9.8g-4ubuntu3.12
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1018-1
OpenSSL vulnerability
18 November 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2010-3864