Design/Logic Flaw

OpenSSL before 0.9.8m does not check for a NULL return value from bnwexpand function calls in 1 crypto/bn/bndiv.c, 2 crypto/bn/bngf2m.c, 3 crypto/ec/ec2smpl.c, and 4 engines/eubsec.c, which has unspecified impact and context-dependent attack vectors...

openssl security and bug fix update

0.9.7a-43.17.1 - CVE-2007-5135 off by one buffer overflow in SSLgetsharedciphers 309851 0.9.7a-43.17 - use poll when reading random device 236164 - make ssl session ID context matching strict 244436 - openssl utility shouldnt crash on invalid PKCS12 files 245083 - CVE-2007-3108 remove conditional...