Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

Debian: 1.0.1e-2 Critical: DSA-3197-2 OpenSSL DoS Update

debian
Calendar Grey March 24, 2015
Debian Logo
Ubuntu refreshes its kernel to address issues introduced by earlier updates, bolstering defense against critical vulnerabilities.
The openssl update issued as DSA 3197-1 caused regressions

Summary

Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:

CVE-2015-0286

Stephen Henson discovered that the ASN1_TYPE_cmp() function
can be crashed, resulting in denial of service.

CVE-2015-0287

Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

CVE-2015-0289

Michal Zalewski discovered a NULL pointer dereference in the
PKCS#7 parsing code, resulting in denial of service.

CVE-2015-0292

It was discovered that missing input sanitising in base64 decoding
might result in memory corruption.

CVE-2015-0209

It was discovered that a malformed EC private key might result in
memory corruption.

CVE-2015-0288

It was discovered that missing input sanitising in the
X509_to_X509_REQ() function might result in denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u16.

We recommend that you upgrade ...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: openssl
CVE ID: CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.