Linux Security

Debian: DSA-2125-1: New openssl packages fix buffer overflow

Date 22 Nov 2010
Posted By LinuxSecurity Advisories
A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. This allows an attacker to cause an application crash or potentially to execute arbitrary code.

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2125-1                                Stefan Fritsch
November 22, 2010           
- ------------------------------------------------------------------------

Package        : openssl
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
Debian Bug     : 603709
CVE Id(s)      : CVE-2010-3864

A flaw has been found in the OpenSSL TLS server extension code parsing
which on affected servers can be exploited in a buffer overrun attack.
This allows an attacker to cause an application crash or potentially to
execute arbitrary code.

However, not all OpenSSL based SSL/TLS servers are vulnerable: A server
is vulnerable if it is multi-threaded and uses OpenSSL's internal caching
mechanism.  In particular the Apache HTTP server (which never uses OpenSSL
internal caching) and Stunnel (which includes its own workaround) are NOT

This upgrade fixes this issue. After the upgrade, any services using the
openssl libraries need to be restarted. The checkrestart script from the
debian-goodies package or lsof can help to find out which services need
to be restarted.
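
The restart check described above, as an added example that is not part of
the Debian advisory and is not the checkrestart script itself. The function
name stale_openssl_procs and its optional PROC_ROOT argument are hypothetical.

```sh
#!/bin/sh
# Added example (not from the advisory): report processes that still map the
# pre-upgrade libssl/libcrypto. dpkg unlinks the old files, so the kernel
# marks those mappings in /proc/<pid>/maps with a trailing "(deleted)".
# Run as root; other users' maps files are unreadable otherwise.

# stale_openssl_procs [PROC_ROOT]
# Prints one line per affected process: "<pid> <name> <lib>[,<lib>...]".
# PROC_ROOT is a hypothetical override for testing; the default is /proc.
stale_openssl_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # process gone or not readable
        pid_dir=${maps%/maps}
        pid=${pid_dir##*/}

        # Fields: address perms offset dev inode path "(deleted)".
        # Several segments of one library collapse to one entry via sort -u.
        libs=$(awk 'NF >= 7 && $NF == "(deleted)" &&
                    $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' \
                   "$maps" 2>/dev/null | sort -u | tr '\n' ',')
        [ -n "$libs" ] || continue

        # /proc/<pid>/status carries the command name on its "Name:" line.
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$pid_dir/status" 2>/dev/null) || name=''
        [ -n "$name" ] || name='?'

        printf '%s %s %s\n' "$pid" "$name" "${libs%,}"
    done
}

# Scan the live system; every process listed here needs a restart.
stale_openssl_procs /proc
```

An empty result after the upgrade means no running process still holds the
old library.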

A note to users of the tor packages from the Debian backports or Debian
volatile: This openssl update causes problems with some versions of tor.
You need to update to tor or,
respectively. The tor package version from Debian stable
is not affected by these problems.

For the stable distribution (lenny), the problem has been fixed in
openssl version 0.9.8g-15+lenny9.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 0.9.8o-3.

We recommend that you upgrade your openssl packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny (stable)
- -----------------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and

