OpenSSL 0.9.8i and earlier versions do not properly check the return value from the EVP_VerifyFinal function.
Information about this advisory is available at the following locations:
Note: These links take you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.
F5 Product Development is tracking this issue as ID 294064 (formerly CR114792) to upgrade the version of OpenSSL used for the FirePass controller.
This is a similar vulnerability to CVE-2009-0025 and CVE-2009-0265. For information about CVE-2009-0025, refer to SOL9754: BIND 9 vulnerability CVE-2009-0025. For information about CVE-2009-0265, refer to SOL11503: BIND 9 vulnerability CVE-2009-0265.