CVE-2010-5298

Publication date 14 April 2014

Last updated 24 July 2024


Ubuntu priority

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.


Status

Package      Ubuntu Release       Status
openssl      14.04 LTS trusty     Fixed 1.0.1f-1ubuntu2.1
openssl      13.10 saucy          Fixed 1.0.1e-3ubuntu1.3
openssl      12.10 quantal        Fixed 1.0.1c-3ubuntu2.8
openssl      12.04 LTS precise    Fixed 1.0.1-4ubuntu5.13
openssl      10.04 LTS lucid      Not affected
openssl098   14.04 LTS trusty     Not in release
openssl098   13.10 saucy          Not affected
openssl098   12.10 quantal        Not affected
openssl098   12.04 LTS precise    Not affected
openssl098   10.04 LTS lucid      Not in release

Notes


mdeslaur

introduced by https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8671b898609777c95aedf33743419a523874e6e8