AIX OpenSSL 0.9.8.803 with Security Patches

Posted 05/12/2009 - 08:18 by David Schnardthorst

Overview: 

Three moderate severity security flaws have been fixed in OpenSSL 0.9.8k.

  • ASN1 printing crash
  • Incorrect error checking during CMS verification
  • Invalid ASN1 clearing check

Description: 

IBM has reported three moderate severity security flaws in IBM OpenSSL 0.9.8.803. 

  • The function ASN1_STRING_print_ex(), when used to print a BMPString or UniversalString, will crash with an invalid memory access if the encoded length of the string is illegal. (CVE-2009-0590)
  • The function CMS_verify() does not correctly handle errors involving malformed signed attributes. (CVE-2009-0591)
  • When a malformed ASN1 structure is received, its contents are freed up and zeroed and an error condition returned. (CVE-2009-0789)

For more information on these flaws, please visit http://www.openssl.org/news/secadv_20090325.txt
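
The first flaw above comes down to a string whose content length is not a whole number of characters: a BMPString uses 2 octets per character and a UniversalString 4. The following C sketch is an added example, not IBM's or OpenSSL's code; it walks a DER buffer and counts such strings so the input can be rejected before it is printed. The function names, the nesting limit and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define TAG_UNIVERSALSTRING 0x1C   /* UCS-4: 4 octets per character */
#define TAG_BMPSTRING       0x1E   /* UCS-2: 2 octets per character */
#define MAX_DEPTH 32               /* assumed nesting limit for this sketch */

/* Hypothetical helper: walk the DER TLVs in buf[0..len) and count wide strings
 * whose content length is not a whole number of characters.
 * Returns that count, or -1 if the TLV framing itself is malformed. */
static int scan(const unsigned char *buf, size_t len, int depth)
{
    size_t pos = 0;
    int bad = 0;
    if (depth > MAX_DEPTH) return -1;
    while (pos < len) {
        unsigned char tag = buf[pos++];
        if ((tag & 0x1F) == 0x1F || pos >= len) return -1; /* high tag numbers unsupported */
        size_t clen = buf[pos++];
        if (clen & 0x80) {                       /* long-form length */
            size_t n = clen & 0x7F;
            if (n == 0 || n > sizeof(size_t) || n > len - pos) return -1;
            for (clen = 0; n > 0; n--) clen = (clen << 8) | buf[pos++];
        }
        if (clen > len - pos) return -1;         /* content runs past the buffer */
        if (tag & 0x20) {                        /* constructed: check the children */
            int inner = scan(buf + pos, clen, depth + 1);
            if (inner < 0) return -1;
            bad += inner;
        } else if ((tag == TAG_BMPSTRING && clen % 2 != 0) ||
                   (tag == TAG_UNIVERSALSTRING && clen % 4 != 0)) {
            bad++;                               /* not a multiple of the character size */
        }
        pos += clen;
    }
    return bad;
}
int count_bad_wide_strings(const unsigned char *buf, size_t len) { return scan(buf, len, 0); }

/* Constructed sample encodings (not taken from the advisory). */
static const unsigned char ok_der[]  = {0x30,0x04, 0x1E,0x02,0x00,0x41};
static const unsigned char bad_der[] = {0x30,0x0B, 0x1E,0x03,0x00,0x41,0x00,
                                        0x1C,0x04,0x00,0x00,0x00,0x41};
static const unsigned char cut_der[] = {0x30,0x05, 0x1E,0x02,0x00};

int main(void)
{
    printf("ok=%d bad=%d cut=%d\n", count_bad_wide_strings(ok_der, sizeof ok_der),
           count_bad_wide_strings(bad_der, sizeof bad_der),
           count_bad_wide_strings(cut_der, sizeof cut_der));
    return 0;
}
```

A non-zero or negative result means the input should be refused rather than handed to a printing routine on an unpatched library.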

Solution: 

A fix is available, and it can be downloaded from: