A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS
library, which can be exploited by a remote unauthenticated attacker to
mount a denial of service against PolarSSL servers that offer GCM
ciphersuites. Potentially clients are affected too if a malicious server
decides to execute the denial of service attack against its clients.
For the stable distribution (wheezy), this problem has been fixed in
For the testing distribution (jessie), this problem has been fixed in
For the unstable distribution (sid), this problem has been fixed in
We recommend that you upgrade your polarssl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
Debian Security Advisory DSA-2981-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2014 https://www.debian.org/security/faq