OpenSSL v0.9.8.m Release Notes
Release Date: 2010-03-24
- When rejecting SSL/TLS records due to an incorrect version number, never update s->server with a new major version number. As of
  - OpenSSL 0.9.8m if 'short' is a 16-bit type,
  - OpenSSL 0.9.8f if 'short' is longer than 16 bits,

  the previous behavior could result in a read attempt at NULL when receiving specific incorrect SSL/TLS records once record payload protection is active. [CVE-2010-0740]
Bodo Moeller, Adam Langley
- Fix for CVE-2010-0433, where some Kerberos-enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted).
Tomas Hoger