CVE-2012-2333

Publication date 14 May 2012

Last updated 24 July 2024


Ubuntu priority

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Status

| Package | Ubuntu Release | Status |
|---|---|---|
| openssl | 14.04 LTS trusty | Fixed 1.0.1-4ubuntu6 |
| openssl | 13.10 saucy | Fixed 1.0.1-4ubuntu6 |
| openssl | 13.04 raring | Fixed 1.0.1-4ubuntu6 |
| openssl | 12.10 quantal | Fixed 1.0.1-4ubuntu6 |
| openssl | 12.04 LTS precise | Fixed 1.0.1-4ubuntu5.2 |
| openssl | 11.10 oneiric | Fixed 1.0.0e-2ubuntu4.6 |
| openssl | 11.04 natty | Fixed 0.9.8o-5ubuntu1.7 |
| openssl | 10.04 LTS lucid | Fixed 0.9.8k-7ubuntu8.13 |
| openssl | 8.04 LTS hardy | Fixed 0.9.8g-4ubuntu3.19 |
| openssl098 | 14.04 LTS trusty | Fixed 0.9.8o-7ubuntu3.2.14.04.1 |
| openssl098 | 13.10 saucy | Fixed 0.9.8o-7ubuntu3.2.13.10.1 |
| openssl098 | 13.04 raring | Ignored end of life |
| openssl098 | 12.10 quantal | Ignored end of life |
| openssl098 | 12.04 LTS precise | Fixed 0.9.8o-7ubuntu3.2 |
| openssl098 | 11.10 oneiric | Ignored end of life |
| openssl098 | 11.04 natty | Not in release |
| openssl098 | 10.04 LTS lucid | Not in release |
| openssl098 | 8.04 LTS hardy | Not in release |

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
openssl
