Zusammenfassung: | Multiple vulnerabilities have been identified in OpenSSL, a Secure;Sockets Layer toolkit, that may result in denial of service;(application crash, large memory consumption), information leak,;protocol downgrade. Additionally, a buffer overrun affecting only;applications explicitly set up for SRP has been fixed (CVE-2014-3512).;;It's important that you upgrade the libssl1.0.0 package and not just;the openssl package.;;All applications linked to openssl need to be restarted. You can use;the checkrestart;tool from the debian-goodies package to detect;affected programs. Alternatively, you may reboot your system. |
Beschreibung: | Summary: Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed (CVE-2014-3512).
It's important that you upgrade the libssl1.0.0 package and not just the openssl package.
All applications linked to openssl need to be restarted. You can use the checkrestart tool from the debian-goodies package to detect affected programs. Alternatively, you may reboot your system.
Affected Software/OS: openssl on Debian Linux
Solution: For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u12.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 1.0.1i-1.
We recommend that you upgrade your openssl packages.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
|