DoS bugs in OpenSSL

The use of certain ASN.1 encodings or malformed public keys may allow an attacker to mount a denial of service attack against applications linked with ssl(3). This does not affect OpenSSH.

For full details, please see the OpenSSL advisory:

    http://www.openssl.org/news/secadv_20030930.txt

A fix has been committed to the OpenBSD 3.2 and 3.3 -stable branches. Patches are also available for OpenBSD 3.2 and 3.3.

Patch for OpenBSD 3.2:

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/020_asn1.patch

Patch for OpenBSD 3.3:

    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/007_asn1.patch Received on Fri Oct 3 19:08:34 2003

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek