Hacker News new | past | comments | ask | show | jobs | submit login
OpenSSL CVE-2010-5298 / CVE-2014-0198 (ubuntu.com)
86 points by oneiroi on May 6, 2014 | hide | past | favorite | 4 comments



This doesn't seem all that important. There are numerous bugs around most software out there which can cause it to crash. It's not good, but it's also not the worst one out there.

If it was that bad, it would have been fixed earlier. It was reported first in 2010: https://rt.openssl.org/Ticket/Display.html?id=2167&user=gues...

It was also fixed a few weeks ago.

Edit: Just noticed that the openssl bug tracker passes the username and password in the URL. Oh dear...


At least no google results for anything other than guest show up.


For a security project I find their lack of security shocking.


r/netsec threads on CVE-2010-5298:

http://www.reddit.com/r/netsec/comments/22whnm/openssl_useaf...

http://www.reddit.com/r/netsec/comments/23pggy/all_versions_...

RH Response: https://access.redhat.com/security/cve/CVE-2010-5298 see the BZ links closed as "not exploitable"




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: