CVE-2008-1678
Published: 10 July 2008
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
Notes
| Author | Note |
|---|---|
| kees | this was fixed via SRU in hardy prior to getting a CVE. |
| mdeslaur | bug 224945 says gutsy is also affected. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
apache2 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| feisty |
Not vulnerable
|
|
| gutsy |
Released
(2.2.4-3ubuntu0.2)
|
|
| hardy |
Released
(2.2.8-1ubuntu0.3)
|
|
| intrepid |
Not vulnerable
|
|
| upstream |
Released
|
|
|
Patches: upstream: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?r1=654119&r2=654118&pathrev=654119 |
||