CVE-2012-0884

Note

only affects CMS, PKCS #7, or S/MIME decryption, not SSL/TLS
transactions
from oss-security: "If a Linux distribution picks up the fix for
CVE-2012-0884 then they will want to pick up change 22161 at the
same time since the fix for the security vulnerability will
generally cause symmetric decryption errors when it kicks in and
things get very confusing for the end user without change 22161"
A second issue was fixed too, see:
http://www.openwall.com/lists/oss-security/2012/05/11/5

Package	Release	Status
openssl Launchpad, Ubuntu, Debian	hardy	Released (0.9.8g-4ubuntu3.19)
	lucid	Released (0.9.8k-7ubuntu8.13)
	maverick	Ignored (end of life)
	natty	Released (0.9.8o-5ubuntu1.7)
	oneiric	Released (1.0.0e-2ubuntu4.6)
	precise	Not vulnerable (1.0.1-4ubuntu1)
	quantal	Not vulnerable (1.0.1-4ubuntu1)
	raring	Not vulnerable (1.0.1-4ubuntu1)
	saucy	Not vulnerable (1.0.1-4ubuntu1)
	trusty	Not vulnerable (1.0.1-4ubuntu1)
	upstream	Released (1.0.1)
	Patches: upstream: http://cvs.openssl.org/chngview?cn=22238 upstream: http://cvs.openssl.org/chngview?cn=22161 upstream: http://cvs.openssl.org/chngview?cn=22537 vendor: http://www.debian.org/security/2012/dsa-2454
openssl098 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Ignored (end of life)
	precise	Released (0.9.8o-7ubuntu3.2)
	quantal	Ignored (end of life)
	raring	Ignored (end of life)
	saucy	Released (0.9.8o-7ubuntu3.2.13.10.1)
	trusty	Released (0.9.8o-7ubuntu3.2.14.04.1)
	upstream	Needs triage

CVE-2012-0884

Notes

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading