CVE-2011-4109

Publication date 5 January 2012

Last updated 24 July 2024

Ubuntu priority

Description

Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openssl	11.10 oneiric	Not affected
	11.04 natty	Fixed 0.9.8o-5ubuntu1.2
	10.10 maverick	Fixed 0.9.8o-1ubuntu4.6
	10.04 LTS lucid	Fixed 0.9.8k-7ubuntu8.8
	8.04 LTS hardy	Fixed 0.9.8g-4ubuntu3.15
openssl098	11.10 oneiric	Fixed 0.9.8o-7ubuntu1.2
	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

1.0.0 is not affected

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1357-1
OpenSSL vulnerabilities
9 February 2012

Other references

http://www.openssl.org/news/secadv_20120104.txt
https://www.cve.org/CVERecord?id=CVE-2011-4109