strings, leading to crashes or loss of privacy.
upstream fixes.
- Versione 0.9.8g-15ubuntu3.2:
* SECURITY UPDATE: denial of service via memory consumption from large
number of future epoch DTLS records.
- crypto/pqueue.*: add new pqueue_size counter function.
- ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
- http://cvs.openssl.org/chngview?cn=18187
- CVE-2009-1377
* SECURITY UPDATE: denial of service via memory consumption from
duplicate or invalid sequence numbers in DTLS records.
- ssl/d1_both.c: discard message if it's a duplicate or too far in the
future.
- http://marc.info/?l=openssl-dev&m=124263491424212&w=2
- CVE-2009-1378
* SECURITY UPDATE: denial of service or other impact via use-after-free
in dtls1_retrieve_buffered_fragment.
- ssl/d1_both.c: use temp frag_len instead of freed frag.
- http://rt.openssl.org/Ticket/Display.html?id=1923
- CVE-2009-1379
* SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
that occurs before ClientHello.
- ssl/s3_pkt.c: abort if s->session is NULL.
- ssl/{ssl.h,ssl_err.c}: add new error codes.
- http://cvs.openssl.org/chngview?cn=17369
- CVE-2009-1386
* SECURITY UPDATE: denial of service via an out-of-sequence DTLS
handshake message.
- ssl/d1_both.c: don't buffer fragments with no data.
- http://cvs.openssl.org/chngview?cn=17958
- CVE-2009-1387
- Versione 0.9.8g-15ubuntu3.2:
* SECURITY UPDATE: denial of service via memory consumption from large
number of future epoch DTLS records.
- crypto/pqueue.*: add new pqueue_size counter function.
- ssl/d1_pkt.c: use pqueue_size to limit size of queue to 100.
- http://cvs.openssl.org/chngview?cn=18187
- CVE-2009-1377
* SECURITY UPDATE: denial of service via memory consumption from
duplicate or invalid sequence numbers in DTLS records.
- ssl/d1_both.c: discard message if it's a duplicate or too far in the
future.
- http://marc.info/?l=openssl-dev&m=124263491424212&w=2
- CVE-2009-1378
* SECURITY UPDATE: denial of service or other impact via use-after-free
in dtls1_retrieve_buffered_fragment.
- ssl/d1_both.c: use temp frag_len instead of freed frag.
- http://rt.openssl.org/Ticket/Display.html?id=1923
- CVE-2009-1379
* SECURITY UPDATE: denial of service via DTLS ChangeCipherSpec packet
that occurs before ClientHello.
- ssl/s3_pkt.c: abort if s->session is NULL.
- ssl/{ssl.h,ssl_err.c}: add new error codes.
- http://cvs.openssl.org/chngview?cn=17369
- CVE-2009-1386
* SECURITY UPDATE: denial of service via an out-of-sequence DTLS
handshake message.
- ssl/d1_both.c: don't buffer fragments with no data.
- http://cvs.openssl.org/chngview?cn=17958
- CVE-2009-1387
|
Ultimi post pubblicati 20/05 - Egoboo, gioco tridimensionale con visuale in terza persona e modalità multigiocatore 08/05 - 270 milioni di utenti per Firefox 05/05 - LeafPad, editor di testo basato su GTK+ ultraleggero e veloce 03/05 - Tutti gli editori di testo presenti nella neonata Ubuntu 9.04 Jaunty Jackalope, per Gnome e KDE, terza parte 03/05 - Tutti gli editori di testo presenti nella neonata Ubuntu 9.04 Jaunty Jackalope, per Gnome e KDE, seconda parte 03/05 - Tutti gli editori di testo presenti nella neonata Ubuntu 9.04 Jaunty Jackalope, per Gnome e KDE, prima parte 01/05 - Bellissimi sfondi di altissima qualità per Ubuntu 01/05 - Nuovo aggiornamento per Firefox, arriva la release 3.0.10 30/04 - Nuovo da zecca, ecco il calendario di Ubuntu 9.10 Karmic Koala con la data di tutte le uscite alpha |
|
|
| Universo Linux |
Nessun commento:
Posta un commento
Non inserire link cliccabili altrimenti il commento verrà eliminato. Metti la spunta a Inviami notifiche per essere avvertito via email di nuovi commenti.