OpenSSL 'zlib' Compression Memory Leak Remote Denial of ServiceVulnerability in openssl 0.9.8h - Openssl

This is a discussion on OpenSSL 'zlib' Compression Memory Leak Remote Denial of ServiceVulnerability in openssl 0.9.8h - Openssl ; Hi All, I am using openssl 9.8h and i have found Compression Memory Leak Remote Denial of Service Vulnerability in it. The vulnerability info can be found in the following link http://www.securityfocus.com/bid/31692/info . Is there any patches i can apply ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: OpenSSL 'zlib' Compression Memory Leak Remote Denial of ServiceVulnerability in openssl 0.9.8h

  1. OpenSSL 'zlib' Compression Memory Leak Remote Denial of ServiceVulnerability in openssl 0.9.8h


    Hi All,

    I am using openssl 9.8h and i have found Compression Memory Leak Remote
    Denial of Service Vulnerability in it. The vulnerability info can be found
    in the following link http://www.securityfocus.com/bid/31692/info.

    Is there any patches i can apply on openssl 0.9.8h

    please help

    Thanks
    Joshi



    --
    View this message in context: http://www.nabble.com/OpenSSL-%27zli...p19967839.html
    Sent from the OpenSSL - User mailing list archive at Nabble.com.

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. Re: OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability in openssl 0.9.8h

    On Mon, Oct 13, 2008 at 11:38:54PM -0700, joshi chandra wrote:

    >
    > Hi All,
    >
    > I am using openssl 9.8h and i have found Compression Memory Leak Remote
    > Denial of Service Vulnerability in it. The vulnerability info can be found
    > in the following link http://www.securityfocus.com/bid/31692/info.
    >
    > Is there any patches i can apply on openssl 0.9.8h


    It looks like this is not an OpenSSL bug, rather it looks like a bug in
    Apache's mod_ssl:

    http://marc.info/?l=openssl-dev&m=121066351112305&w=2

    There is no fix in 0.9.8i, as none was required.

    --
    Viktor.
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread