Ubuntu Security Notice (C) 2012-2013 Canonical, Inc. / NASL script (C) 2012-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that the fix for CVE-2012-2110 was incomplete for
OpenSSL 0.9.8. A remote attacker could trigger this flaw in services
that used SSL to cause a denial of service or possibly execute
arbitrary code with application privileges. Ubuntu 11.10 was not
affected by this issue. (CVE-2012-2131)
The original upstream fix for CVE-2012-2110 would cause
BUF_MEM_grow_clean() to sometimes return the wrong error condition.
This update fixes the problem.
Update the affected libssl0.9.8 and / or libssl1.0.0 packages.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true