search for: 086585

Hi, Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that can be exploited to cause a heap overflow: http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification function (openssh_RSA_verify): http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-rsa.c?rev=HEAD;content-type=text%2Fplain That's now...