CVE-2008-0891
openssl - multiple vulnerabilities
EPSS 11.3%
Description
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
How to fix CVE-2008-0891
To remediate CVE-2008-0891, upgrade the affected package to one of the fixed versions listed below.
- Debian/openssl—upgrade to 0.9.8g-10.1 or later
- Debian/openssl—upgrade to 0.9.8g-10+lenny1 or later
Is CVE-2008-0891 being exploited?
Moderate: EPSS is 11.3%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/openssl: from 0, < 0.9.8g-10.1
- Debian/openssl: from 0, < 0.9.8g-10+lenny1