Metric | Value |
---|---|
CVSS2 Score | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
EPSS | 0.021 Low |
EPSS Percentile | 89.0% |

Package : openssl
Version : 0.9.8o-4squeeze20
CVE ID : CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288
         CVE-2015-0289 CVE-2015-0292 CVE-2015-0293

Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:

CVE-2015-0209

    It was discovered that a malformed EC private key might result in
    memory corruption.

CVE-2015-0286

    Stephen Henson discovered that the ASN1_TYPE_cmp() function
    can be crashed, resulting in denial of service.

CVE-2015-0287

    Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

CVE-2015-0288

    It was discovered that missing input sanitising in the
    X509_to_X509_REQ() function might result in denial of service.

CVE-2015-0289

    Michal Zalewski discovered a NULL pointer dereference in the
    PKCS#7 parsing code, resulting in denial of service.

CVE-2015-0292

    It was discovered that missing input sanitising in base64 decoding
    might result in memory corruption.

CVE-2015-0293

    A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
    servers that both support SSLv2 and enable export cipher suites by sending
    a specially crafted SSLv2 CLIENT-MASTER-KEY message.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 7 | armel | libssl-dev | < 1.0.1e-2+deb7u15 | libssl-dev_1.0.1e-2+deb7u15_armel.deb |
Debian | 7 | kfreebsd-i386 | libssl1.0.0 | < 1.0.1e-2+deb7u15 | libssl1.0.0_1.0.1e-2+deb7u15_kfreebsd-i386.deb |
Debian | 6 | amd64 | libssl0.9.8 | < 0.9.8o-4squeeze20 | libssl0.9.8_0.9.8o-4squeeze20_amd64.deb |
Debian | 7 | ia64 | libssl-dev | < 1.0.1e-2+deb7u15 | libssl-dev_1.0.1e-2+deb7u15_ia64.deb |
Debian | 7 | i386 | libcrypto1.0.0-udeb | < 1.0.1e-2+deb7u15 | libcrypto1.0.0-udeb_1.0.1e-2+deb7u15_i386.deb |
Debian | 7 | kfreebsd-i386 | libssl1.0.0-dbg | < 1.0.1e-2+deb7u15 | libssl1.0.0-dbg_1.0.1e-2+deb7u15_kfreebsd-i386.deb |
Debian | 7 | sparc | libcrypto1.0.0-udeb | < 1.0.1e-2+deb7u15 | libcrypto1.0.0-udeb_1.0.1e-2+deb7u15_sparc.deb |
Debian | 7 | kfreebsd-amd64 | openssl | < 1.0.1e-2+deb7u15 | openssl_1.0.1e-2+deb7u15_kfreebsd-amd64.deb |
Debian | 7 | powerpc | libssl1.0.0 | < 1.0.1e-2+deb7u15 | libssl1.0.0_1.0.1e-2+deb7u15_powerpc.deb |
Debian | 7 | s390x | openssl | < 1.0.1e-2+deb7u15 | openssl_1.0.1e-2+deb7u15_s390x.deb |