LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   new OpenSSL use-after-free race condition (https://www.linuxquestions.org/questions/slackware-14/new-openssl-use-after-free-race-condition-4175501693/)

BenCollver 04-14-2014 01:41 PM
new OpenSSL use-after-free race condition
 
http://ftp.openbsd.org/pub/OpenBSD/p..._openssl.patch

A use-after-free race condition in OpenSSL's read buffer may permit an attacker to inject data from one connection into another.

mancha 04-14-2014 02:42 PM
I've placed a fix at the vault: openssl-1.0.1g_CVE-2010-5298.diff.

--mancha

BenCollver 04-14-2014 06:41 PM
@Mancha:

That was a quick fix. Also thanks for the nice bug review in your security thread.

mancha 04-15-2014 11:42 AM
Quote:
Originally Posted by BenCollver (Post 5152674)
That was a quick fix.
It seemed quicker than it really was. I had already put that fix together and was actually wrapping up my regression testing
when I saw your post. So, I slapped the CVE identifier on it and uploaded to the vault.

Quote:
Originally Posted by BenCollver (Post 5152674)
Also thanks for the nice bug review in your security thread.
Thanks! And thanks to you for bringing it up in this thread and making Slackers aware of the issue.

--mancha


All times are GMT -5. The time now is 03:03 PM.