Lucene search

K
debianDebianDEBIAN:BSA-060:0BDFE
HistoryNov 14, 2011 - 4:20 a.m.

[BSA-060] Security Update for openssl

2011-11-1404:20:38
lists.debian.org
17

10 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.305 Low

EPSS

Percentile

97.0%

Andres Salomon uploaded new packages for openssl which fixed the
following security problems:

CVE-2011-3210
Unsafe thread handling in ECDH ciphersuite allow denial of
service attack.

CVE-2011-1945
Timing attacks against ECDHE_ECDSA private keys.

CVE-2011-0014
Remote denial of service attacks possible or information leak
via malformed handshake messages.

For the lenny-backports distribution the problems have been fixed in
version 0.9.8o-4squeeze4~bpo50+1.

For the stable distribution (squeeze), the problems have been fixed in
version 0.9.8o-4squeeze4.
Attachment:
signature.asc
Description: PGP signature

10 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.305 Low

EPSS

Percentile

97.0%