ISC Information for VU#748355

ASN.1 parsing errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1


ISC Vendor statememt.

BIND 4, BIND 8 and BIND 9.0.x are not vulnerable.

BIND 9.1.x ship with a copy of the vulnerable sections of OpenSSL crypto
library (obj_dat.c and asn1_lib.c).
Please upgrade to BIND 9.2.x and/or relink with a fixed version OpenSSL.
e.g. configure --with-openssl=/path/to/fixed/openssl
Vendors shipping product based on BIND 9.1 should contact bind-bugs@isc.org.

BIND 9.2.x is vulnerable if linked against a vulnerable library. By default
BIND 9.2 does not link against OpenSSL.



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBPUeQBfSU2b/PmJD4EQLarwCfTSZSooMrnC9GBYXGIRDrIrWE40MAoJk8
j3lPQ2HMBWkjmFnBI3aR9nqt
=EVCS
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.