Linux Security

    Debian: DSA-3053-1: openssl security update

    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3053-1
    https://www.debian.org/security/                           Thijs Kinkhorst
    October 16, 2014                       https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : openssl
    CVE ID         : CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
    
    Several vulnerabilities have been found in OpenSSL, the Secure Sockets
    Layer library and toolkit.
    
    CVE-2014-3513
    
        A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure
        Real-time Transport Protocol (SRTP) extension data. A remote attacker
        could send multiple specially crafted handshake messages to exhaust
        all available memory of an SSL/TLS or DTLS server.
    
    CVE-2014-3566 ("POODLE")
    
        A flaw was found in the way SSL 3.0 handled padding bytes when
        decrypting messages encrypted using block ciphers in cipher block
        chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)
        attacker to decrypt a selected byte of a cipher text in as few as 256
        tries if they are able to force a victim application to repeatedly send
        the same data over newly created SSL 3.0 connections. 
    
        This update adds support for Fallback SCSV to mitigate this issue.
    
    CVE-2014-3567
    
        A memory leak flaw was found in the way OpenSSL handled failed
        session ticket integrity checks. A remote attacker could exhaust all
        available memory of an SSL/TLS or DTLS server by sending a large number
        of invalid session tickets to that server. 
    
    CVE-2014-3568
    
        When OpenSSL is configured with "no-ssl3" as a build option, servers
        could accept and complete an SSL 3.0 handshake, and clients could be
        configured to send them.
    
    For the stable distribution (wheezy), these problems have been fixed in
    version 1.0.1e-2+deb7u13.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 1.0.1j-1.
    
    We recommend that you upgrade your openssl packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    
