Debian 3.0: DSA 288-1 Urgent: OpenSSL Vulnerabilities and Remote Risks

April 17, 2003
OpenSSL has several vulnerabilities that may expose server secrets or allow interception of active sessions. Regular updates are vital to safeguard against these risks.

Summary

Researchers discovered two flaws in OpenSSL, a Secure Socket Layer
(SSL) library and related cryptographic tools. Applications that are
linked against this library are generally vulnerable to attacks that
could leak the server's private key or make the encrypted session
decryptable otherwise. The Common Vulnerabilities and Exposures (CVE)
project identified the following vulnerabilities:

CAN-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and
remote attackers to obtain the server's private key.

CAN-2003-0131

The SSL and allow remote attackers to perform an unauthorized RSA
private key operation that causes OpenSSL to leak information
regarding the relationship between ciphertext and the associated
plaintext.
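
The RSA blinding named under CAN-2003-0147, as an added Python sketch that is not OpenSSL's code or part of the advisory. The key is a constructed toy key built from two small Mersenne primes, and the function names are hypothetical; it shows that the value entering the secret exponentiation is randomized on every call while the result stays correct.

```python
import math
import secrets

# Constructed toy key for illustration only (real keys are 2048 bits or more).
P, Q = 2**31 - 1, 2**61 - 1          # two Mersenne primes
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent


def private_op_unblinded(c):
    """Plain private-key operation: the secret exponentiation runs
    directly on the value supplied by the peer."""
    return pow(c, D, N)


def private_op_blinded(c, trace=None):
    """Private-key operation with blinding: c is multiplied by r^E for a
    fresh random r first, and r is divided out of the result afterwards."""
    while True:
        r = secrets.randbelow(N - 2) + 2      # r in [2, N-1]
        if math.gcd(r, N) == 1:               # r must be invertible mod N
            break
    blinded = (c * pow(r, E, N)) % N          # c' = c * r^E mod N
    if trace is not None:
        trace.append(blinded)                 # record what the exponentiation sees
    m_blinded = pow(blinded, D, N)            # (c * r^E)^D = c^D * r mod N
    return (m_blinded * pow(r, -1, N)) % N    # remove r, leaving c^D mod N


def demo():
    """Decrypt one ciphertext five times with blinding and record the
    values that actually entered the secret exponentiation."""
    message = 424242
    c = pow(message, E, N)
    seen = []
    results = [private_op_blinded(c, seen) for _ in range(5)]
    return message, c, results, seen


if __name__ == "__main__":
    message, c, results, seen = demo()
    print("all results correct:", all(m == message for m in results))
    print("distinct exponentiation inputs:", len(set(seen)))
```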

For the stable distribution (woody) these problems have been fixed in
version 0.9.6c-2.woody.3.

For the old stable distribution (potato) these problems have been
fixed in version 0.9.6c-0.potato.6.

For the unstable distribution (sid) these problems ha...

Severity: critical

Package: openssl
