Linux Security
    Linux Security
    Linux Security

    Debian: OpenSSL Denial of service vulnerabilities

    Date 17 Mar 2004
    3311
    Posted By LinuxSecurity Advisories
    Remote attacker can crash OpenSSL by triggering a null pointer dereference.
    
    Debian Security Advisory DSA 465-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
    https://www.debian.org/security/                             Matt Zimmerman
    March 17th, 2004                         https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : openssl,openssl094,openssl095
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2004-0079 CAN-2004-0081
    
    Two vulnerabilities were discovered in openssl, an implementation of
    the SSL protocol, using the Codenomicon TLS Test Tool.  More
    information can be found in the following NISCC Vulnerability
    Advisory:
     
    https://www.uniras.gov.uk/vuls/2004/224012/index.htm
    
    and this OpenSSL advisory:
     
    https://www.openssl.org/news/secadv_20040317.txt
    
     - CAN-2004-0079 - null-pointer assignment in the
       do_change_cipher_spec() function.  A remote attacker could perform
       a carefully crafted SSL/TLS handshake against a server that used
       the OpenSSL library in such a way as to cause OpenSSL to crash.
       Depending on the application this could lead to a denial of
       service.
    
     - CAN-2004-0081 - a bug in older versions of OpenSSL 0.9.6 that
       can lead to a Denial of Service attack (infinite loop).
    
    For the stable distribution (woody) these problems have been fixed in
    openssl version 0.9.6c-2.woody.6, openssl094 version 0.9.4-6.woody.4
    and openssl095 version 0.9.5a-6.woody.5.
    
    For the unstable distribution (sid) these problems will be fixed soon.
    
    We recommend that you update your openssl package.
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6.dsc
          Size/MD5 checksum:      632 c12536a01aca47e52d17e22310acbdd7
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6.diff.gz
          Size/MD5 checksum:    44829 7478b91c110b6f1e52cf459cb44c07e1
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
          Size/MD5 checksum:  2153980 c8261d93317635d56df55650c6aeb3dc
         https://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.3.dsc
          Size/MD5 checksum:      624 e10b520a03dc6a86acd3609ed390bf21
         https://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.3.diff.gz
          Size/MD5 checksum:    46851 5108530e438a6c00458fb034db238392
         https://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
          Size/MD5 checksum:  1570392 72544daea16d6c99d656b95f77b01b2d
         https://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.5.dsc
          Size/MD5 checksum:      631 0548af08e7b80fe2c7e73108bf352230
         https://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.5.diff.gz
          Size/MD5 checksum:    39190 837e26caaf8c22a566dbefdd6ffc56ea
         https://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
          Size/MD5 checksum:  1892089 99d22f1d4d23ff8b927f94a9df3997b4
    
      Architecture independent components:
    
         https://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.6_all.deb
          Size/MD5 checksum:      980 be0ff309c754f9eb062bdc7d65a71819
    
      Alpha architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_alpha.deb
          Size/MD5 checksum:  1551564 72e47db6c9dcda4e5a6acf92a1ea2101
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_alpha.deb
          Size/MD5 checksum:   571350 cfd18f4a40a6cffbbaef2f14f4e94aa1
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_alpha.deb
          Size/MD5 checksum:   736410 f16961ca1e20d6f88f9bf99aa94b817b
         https://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_alpha.deb
          Size/MD5 checksum:   497332 066bc60aaa29ae1fb0d24c7c46a7e0cd
    
      ARM architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_arm.deb
          Size/MD5 checksum:  1358118 42ee5f1969cae9faee362fad210422da
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_arm.deb
          Size/MD5 checksum:   474164 8ca5f15c012b6eb5bad33bf27180b9e1
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_arm.deb
          Size/MD5 checksum:   729876 259449511f610538b0429ad552d627e9
         https://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_arm.deb
          Size/MD5 checksum:   402664 6c3c6fb33553e370d966161c44371eed
    
      Intel IA-32 architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_i386.deb
          Size/MD5 checksum:  1290986 ee3f1bd5dc3de3e7dff6e945e73bf7b1
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_i386.deb
          Size/MD5 checksum:   461870 8d24ba643ce45cf495d775fa7062e53e
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_i386.deb
          Size/MD5 checksum:   723346 e258d6e5c4e79767d1b75ae29a103a6d
         https://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.3_i386.deb
          Size/MD5 checksum:   358500 92eb1693ec21ca108f0d06932ce4f9db
         https://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_i386.deb
          Size/MD5 checksum:   399952 068f0a3443cbebbd23571df0170cad84
    
      Intel IA-64 architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_ia64.deb
          Size/MD5 checksum:  1615338 e59a7278d4d972943247b83d57e1712b
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_ia64.deb
          Size/MD5 checksum:   711170 bb0b97f071f942d23d2f7f5362c34c06
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_ia64.deb
          Size/MD5 checksum:   763566 e3ebf464f440dbd86ae18c1b25ebac0f
    
      HP Precision architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_hppa.deb
          Size/MD5 checksum:  1435466 2c77d74ee8c1aaf6bebf02538f307ef6
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_hppa.deb
          Size/MD5 checksum:   565020 9133258c424eadf23b659993439e4147
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_hppa.deb
          Size/MD5 checksum:   742002 a5222dc5116da8dce774643cb09925bb
    
      Motorola 680x0 architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_m68k.deb
          Size/MD5 checksum:  1266746 94ce507777c7889cac278a1701bfa07d
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_m68k.deb
          Size/MD5 checksum:   450742 cdb074142fb09b42b44d581bfe39f3b6
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_m68k.deb
          Size/MD5 checksum:   720494 1c563a7eb888efbe767caf60d58d60c3
         https://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_m68k.deb
          Size/MD5 checksum:   376910 1976f00b903cbf56c3fecd8746bcdb13
    
      Big endian MIPS architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_mips.deb
          Size/MD5 checksum:  1416298 3784e3df38ca0e7429ebc3bd3443a751
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_mips.deb
          Size/MD5 checksum:   483772 781e99d232b8cb2d8eb2ffd7872be3cd
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_mips.deb
          Size/MD5 checksum:   717852 f40b33d0bf0259121d73eb24d765c95d
         https://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_mips.deb
          Size/MD5 checksum:   412764 6b1c44e692941adab697af4f9bc548d9
    
      Little endian MIPS architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.5_mipsel.deb
          Size/MD5 checksum:  1410210 51022eaeba69faf250c2bec4384c399b
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.5_mipsel.deb
          Size/MD5 checksum:   476744 76be9bc27f5fe75f05ecf0a1b3a54f3c
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.5_mipsel.deb
          Size/MD5 checksum:   717148 047c9f61de01b84f73dc18a5b2e7c507
         https://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_mipsel.deb
          Size/MD5 checksum:   407554 98928a0620c1fef51662c4f03ef56de6
    
      PowerPC architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_powerpc.deb
          Size/MD5 checksum:  1386978 6e7b16a9bb3e2e780ef76408f516e760
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_powerpc.deb
          Size/MD5 checksum:   502578 ad9b8b2222b035154fae759f1a1f6a29
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_powerpc.deb
          Size/MD5 checksum:   726792 7a1881432528a890c0ca9800fc33b6c2
         https://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_powerpc.deb
          Size/MD5 checksum:   425652 43e11b5bc3ed981c2c68418cbafa37e2
    
      IBM S/390 architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_s390.deb
          Size/MD5 checksum:  1326484 663c1bd6518a284d2fde11ff5d728506
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_s390.deb
          Size/MD5 checksum:   510582 61670cd45b446474caaae9fd7bac74b0
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_s390.deb
          Size/MD5 checksum:   731686 6e5f1c96f5c0d1c78ed74b6f90d15e2d
    
      Sun Sparc architecture:
    
         https://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_sparc.deb
          Size/MD5 checksum:  1344384 f383f9926645f06e8458c4f4cdf9c4b5
         https://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_sparc.deb
          Size/MD5 checksum:   484864 76b6f3d6b33969295aa38b4285b4bc16
         https://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_sparc.deb
          Size/MD5 checksum:   737280 9f57ba959daa989b54b214ebbb8824a4
         https://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_sparc.deb
          Size/MD5 checksum:   412390 a596f5a5a4df199a088c86e96e3eae9b
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  https://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and  https://packages.debian.org/
    
    

    Advisories

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.