Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Debian Wheezy DSA-3197-1: Critical Memory Corruption in OpenSSL

debian
Calendar Grey March 19, 2015
Scroller Debian
Numerous security flaws identified in OpenSSL; essential patches advised for Ubuntu users to protect their environments.
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit

Summary

CVE-2015-0286

Stephen Henson discovered that the ASN1_TYPE_cmp() function
can be crashed, resulting in denial of service.

CVE-2015-0287

Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

CVE-2015-0289

Michal Zalewski discovered a NULL pointer dereference in the
PKCS#7 parsing code, resulting in denial of service.

CVE-2015-0292

It was discovered that missing input sanitising in base64 decoding
might result in memory corruption.

CVE-2015-0209

It was discovered that a malformed EC private key might result in
memory corruption.

CVE-2015-0288

It was discovered that missing input sanitising in the
X509_to_X509_REQ() function might result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u15. In this update the export ciphers are removed
from the default cipher list.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply
these ...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: openssl
CVE ID: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.