CVE-2011-0014

Publication date 9 February 2011

Last updated 24 July 2024

Ubuntu priority

ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openssl	10.10 maverick	Fixed 0.9.8o-1ubuntu4.4
	10.04 LTS lucid	Fixed 0.9.8k-7ubuntu8.6
	9.10 karmic	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

sbeattie

code/OCSP option is not present in karmic and earlier

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1064-1
OpenSSL vulnerability
15 February 2011

Other references

http://www.openssl.org/news/secadv_20110208.txt
https://www.cve.org/CVERecord?id=CVE-2011-0014