Openwall GNU/*/Linux Information for VU#104280
Multiple vulnerabilities in SSL/TLS implementations
- Vendor Information Help Date Notified: 30 Sep 2003
- Statement Date:
- Date Updated: 01 Oct 2003
Unknown. If you are the vendor named above, please contact us to update your status.
Openwall GNU/*/Linux currently uses OpenSSL 0.9.6 branch and thus was affected by the ASN.1 parsing and client certificate handling vulnerabilities pertaining to those versions of OpenSSL. It was not affected by the potentially more serious incorrect memory deallocation vulnerability (VU#935264, CVE CAN-2003-0545) that is specific to OpenSSL 0.9.7.
Owl-current as of 2003/10/01 has been updated to OpenSSL 0.9.6k, thus correcting the vulnerabilities.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.