[Bug 314776] Re: OpenSSL signature verification API misuses

Jamie Strandboge jamie at ubuntu.com
Fri Jan 9 04:51:21 GMT 2009


bind9 (1:9.5.0.dfsg.P2-5ubuntu1) jaunty; urgency=low

  * SECURITY UPDATE: clients treat malformed signatures as good when verifying
    server DSA and ECDSA certificates.
    - update lib/dns/openssldsa_link.c to properly check the return code of
      DSA_do_verify()
    - CVE-2009-0025


** Changed in: bind9 (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
OpenSSL signature verification API misuses
https://bugs.launchpad.net/bugs/314776
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.



More information about the Ubuntu-server-bugs mailing list