[Secure-testing-team] Re: [SECURITY] [DSA 1185-2] New openssl packages fix arbitrary code execution
Florian Weimer
fw at deneb.enyo.de
Tue Oct 3 13:11:40 UTC 2006
* Noah Meyerhans:
> The fix used to correct CVE-2006-2940 introduced code that could lead to
> the use of uninitialized memory. Such use is likely to cause the
> application using the openssl library to crash, and has the potential to
> allow an attacker to cause the execution of arbitrary code.
We need a new CVE ID for that one.