openssl -- double free

2010-08-30T00:00:00
ID DSA-2100
Type debian
Reporter Debian
Modified 2010-08-30T00:00:00

Description

George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny8.

For the unstable distribution (sid), this problem has been fixed in version 0.9.8o-2.

We recommend that you upgrade your openssl packages.