CVE-2009-4355

Publication date 13 January 2010

Last updated 24 July 2024

Ubuntu priority

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openssl	9.10 karmic	Fixed 0.9.8g-16ubuntu3.1
	9.04 jaunty	Fixed 0.9.8g-15ubuntu3.4
	8.10 intrepid	Fixed 0.9.8g-10.1ubuntu2.6
	8.04 LTS hardy	Fixed 0.9.8g-4ubuntu3.9
	6.06 LTS dapper	Fixed 0.9.8a-7ubuntu0.11

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-884-1
OpenSSL vulnerability
14 January 2010

Other references

https://www.cve.org/CVERecord?id=CVE-2009-4355