Lucene search

K
debianDebianDEBIAN:DLA-177-1:BC085
HistoryMar 20, 2015 - 9:40 p.m.

[SECURITY] [DLA 177-1] openssl security update

2015-03-2021:40:47
lists.debian.org
30

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.944

Percentile

99.2%

Package : openssl
Version : 0.9.8o-4squeeze20
CVE ID : CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288
CVE-2015-0289 CVE-2015-0292 CVE-2015-0293

Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:

CVE-2015-0209

It was discovered that a malformed EC private key might result in
memory corruption.

CVE-2015-0286

Stephen Henson discovered that the ASN1_TYPE_cmp() function
can be crashed, resulting in denial of service.

CVE-2015-0287

Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

CVE-2015-0288

It was discovered that missing input sanitising in the
X509_to_X509_REQ() function might result in denial of service.

CVE-2015-0289

Michal Zalewski discovered a NULL pointer dereference in the
PKCS#7 parsing code, resulting in denial of service.

CVE-2015-0292

It was discovered that missing input sanitising in base64 decoding
might result in memory corruption.

CVE-2015-0293

A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.

Attachment:
signature.asc
Description: Digital signature

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.944

Percentile

99.2%