CVE-2011-4576
Published: 5 January 2012
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssl Launchpad, Ubuntu, Debian |
upstream |
Released
(0.9.8s,1.0.0f)
|
| hardy |
Released
(0.9.8g-4ubuntu3.15)
|
|
| lucid |
Released
(0.9.8k-7ubuntu8.8)
|
|
| maverick |
Released
(0.9.8o-1ubuntu4.6)
|
|
| natty |
Released
(0.9.8o-5ubuntu1.2)
|
|
| oneiric |
Released
(1.0.0e-2ubuntu4.2)
|
|
|
Patches: upstream: http://cvs.openssl.org/chngview?cn=21940 |
||
|
openssl098 Launchpad, Ubuntu, Debian |
upstream |
Released
(0.9.8s)
|
| hardy |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Released
(0.9.8o-7ubuntu1.2)
|
|
|
Patches: upstream: http://cvs.openssl.org/chngview?cn=21929 |
||