[Bug 314776] Re: OpenSSL signature verification API misuses

Jamie Strandboge jamie at ubuntu.com
Wed Jan 7 22:26:43 GMT 2009

openssl (0.9.8g-14ubuntu2) jaunty; urgency=low

  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates
    - update apps/speed.c, apps/spkac.c, apps/verify.c, apps/x509.c,
      ssl/s2_clnt.c, ssl/s2_srvr.c, ssl/s3_clnt.c, s3_srvr.c, and
      ssl/ssltest.c to properly check the return code of EVP_VerifyFinal()
    - patch based on upstream patch for #2008-016
    - CVE-2008-5077

OpenSSL signature verification API misuses
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.

More information about the Ubuntu-server-bugs mailing list