oss-sec mailing list archives

Re: CVE Request: openssl double free

From: Josh Bressers <bressers () redhat com>
Date: Thu, 12 Aug 2010 13:35:42 -0400 (EDT)

Please use CVE-2010-2939 for this.

Thanks.

-- 
    JB


----- "Ludwig Nussel" <ludwig.nussel () suse de> wrote:

Hi,

Georgi Guninski found a double free issue in openssl's client
implementation:
http://www.mail-archive.com/openssl-dev () openssl org/msg28043.html
The affected code also is in pre 1.0 versions but only 1.0 uses ECDH
for ssl by default AFAICT.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Current thread:

CVE Request: openssl double free Ludwig Nussel (Aug 11)
- Re: CVE Request: openssl double free Solar Designer (Aug 11)
- Re: CVE Request: openssl double free Josh Bressers (Aug 12)