Debian: DSA-2950-1 Critical: OpenSSL DoS and Buffer Overflow
debian
June 5, 2014
Multiple vulnerabilities have been discovered in OpenSSL: CVE-2014-0195
Topics Covered
Summary
Multiple vulnerabilities have been discovered in OpenSSL:
CVE-2014-0195
Jueri Aedla discovered that a buffer overflow in processing DTLS
fragments could lead to the execution of arbitrary code or denial
of service.
CVE-2014-0221
Imre Rad discovered the processing of DTLS hello packets is
susceptible to denial of service.
CVE-2014-0224
KIKUCHI Masashi discovered that carefully crafted handshakes can
force the use of weak keys, resulting in potential man-in-the-middle
attacks.
CVE-2014-3470
Felix Groebert and Ivan Fratric discovered that the implementation of
anonymous ECDH ciphersuites is suspectible to denial of service.
Additional information can be found at
For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u10. All applications linked to openssl need to
be restarted. You can use the tool checkrestart from the package
debian-goodies to detect affected programs or reboot your system. There's
also a forthcoming security...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: openssl
CVE ID: CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!