Debian 3.0: DSA 393-1 Security Update for OpenSSL Denial of Service Risk
debian
October 1, 2003
There are a number of errors in the ASN1 code.
Summary
Dr. Stephen Henson (steve@openssl.org), using a test suite provided by
NISCC (), discovered a number of errors in the OpenSSL
ASN1 code. Combined with an error that causes the OpenSSL code to parse
client certificates even when it should not, these errors can cause a
denial of service (DoS) condition on a system using the OpenSSL code,
depending on how that code is used. For example, even though apache-ssl
and ssh link to OpenSSL libraries, they should not be affected by this
vulnerability. However, other SSL-enabled applications may be
vulnerable and an OpenSSL upgrade is recommended.
For the current stable distribution (woody) these problems have been
fixed in version 0.9.6c-2.woody.4
For the unstable distribution (sid) these problems have been fixed in
version 0.9.7c-1
We recommend that you update your openssl package. Note that you will
need to restart services which use the libssl library for this update
to take effect.
Upgrade Instructions
- --------------------
wget url
will fetch the...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: openssl
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!