Remote Denial of Service (DoS)

Please Install the Updated Packages.

1. Certain ASN.1 encodings that are rejected as invalidby the parser can trigger a bug in the deallocationof the corresponding data structure, corrupting thestack. This can be used as a denial of serviceattack. It is currently unknown whether this can beexploited to run malicious code. This issue does notaffect OpenSSL 0.9.6.<br2. Unusual ASN.1 tag values can cause an out of boundsread under certain circumstances, resulting in adenial of service vulnerability.<br3. A malformed public key in a certificate will crashthe verify code if it is set to ignore public keydecoding errors. Exploitation of an affectedapplication would result in a denial of servicevulnerability.<br4. Due to an error in the SSL/TLS protocol handling,a server will parse a client certificate when one isnot specifically requested.

BIND v920 on HP-UX B.11.00, B.11.11, B.11.22, and B.11.23, running BINDv920.

• http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00901847-1

---

Updated on 2015-03-25