CVE-2006-4343
Tavis Ormandy and Will Drewry of the Google Security Team
discovered a possible DoS in the SSLv2 client code. Where a
client application uses OpenSSL to make an SSLv2 connection to
a malicious server, that server could cause the client to
crash.
CVE-2006-2940
Dr S N Henson of the OpenSSL core team and Open Network
Security recently developed an ASN1 test suite for NISCC.
When the test suite was run against
OpenSSL, a DoS was discovered.
Certain types of public key can take disproportionate amounts
of time to process. This could be used by an attacker in a
denial of service attack.
For the stable distribution (sarge) these problems have been fixed in
version 0.9.6m-1sarge4.
This package exists only for compatibility with older software, and is
not present in the unstable or testing branches of Debian.
We recommend that you upgrade your openssl096 package. Note that
ser...