From 98d8457650f0fca14b824f3b8eb87a22acf57411 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?=
Date: Mon, 2 Oct 2006 08:37:59 +0000
Subject: [PATCH] - CVE-2006-2940 fix was incorrect (#208744)

---
 openssl-0.9.8b-cve-2006-2940.patch | 2 +-
 openssl.spec | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/openssl-0.9.8b-cve-2006-2940.patch b/openssl-0.9.8b-cve-2006-2940.patch
index 657b857..47f511b 100644
--- a/openssl-0.9.8b-cve-2006-2940.patch
+++ b/openssl-0.9.8b-cve-2006-2940.patch
@@ -53,7 +53,7 @@ diff -u -r1.24.2.3 dh_key.c
 + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
 + {
 + DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
-+ goto err;
++ return -1;
 + }
 +
  ctx = BN_CTX_new();
diff --git a/openssl.spec b/openssl.spec
index 33ec11a..0360ff7 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: The OpenSSL toolkit
 Name: openssl
 Version: 0.9.8b
-Release: 7
+Release: 8
 Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
@@ -363,6 +363,9 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
 %postun -p /sbin/ldconfig
 
 %changelog
+* Mon Oct 2 2006 Tomas Mraz 0.9.8b-8
+- CVE-2006-2940 fix was incorrect (#208744)
+
 * Mon Sep 25 2006 Tomas Mraz 0.9.8b-7
 - fix CVE-2006-2937 - mishandled error on ASN.1 parsing (#207276)
 - fix CVE-2006-2940 - parasitic public keys DoS (#207274)
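Review bot: The `return -1;` that replaces `goto err;` in the DH_F_COMPUTE_KEY modulus-size check (first hunk, openssl-0.9.8b-cve-2006-2940.patch) bypasses the function's `err:` cleanup, and neither the patch nor the changelog entry records why that exit is the correct one. The check sits directly before `ctx = BN_CTX_new();`, so presumably `ctx` is not yet set when the cleanup at `err:` would run; a comment above the return such as `/* ctx is not allocated yet, so do not jump to err: which releases it */` would stop a later rebase from restoring the `goto`. The enclosing function starts and ends outside the hunk, so the cleanup code at `err:` should be confirmed against the 0.9.8b source. Any other size checks this patch adds outside the hunk should be checked for the same early-exit pattern, since only this one site is changed here.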