CVSS2
Attack Vector : NETWORK
Attack Complexity : LOW
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence : Low
EPSS
Percentile : 99.9%
Package : openssl
Version : 0.9.8o-4squeeze21
CVE ID : CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791
CVE-2015-1792 CVE-2015-4000
Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets
Layer toolkit.
CVE-2014-8176
Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered
that an invalid memory free could be triggered when buffering DTLS
data. This could allow remote attackers to cause a denial of service
(crash) or potentially execute arbitrary code. This issue only
affected the oldstable distribution (wheezy).
CVE-2015-1789
Robert Swiecki and Hanno Böck discovered that the X509_cmp_time
function could read a few bytes out of bounds. This could allow remote
attackers to cause a denial of service (crash) via crafted
certificates and CRLs.
CVE-2015-1790
Michal Zalewski discovered that the PKCS#7 parsing code did not
properly handle missing content which could lead to a NULL pointer
dereference. This could allow remote attackers to cause a denial of
service (crash) via crafted ASN.1-encoded PKCS#7 blobs.
CVE-2015-1791
Emilia Käsper discovered that a race condition could occur due to
incorrect handling of NewSessionTicket in a multi-threaded client,
leading to a double free. This could allow remote attackers to cause
a denial of service (crash).
CVE-2015-1792
Johannes Bauer discovered that the CMS code could enter an infinite
loop when verifying a signedData message, if presented with an
unknown hash function OID. This could allow remote attackers to cause
a denial of service.
Additionally OpenSSL will now reject handshakes using DH parameters
shorter than 768 bits as a countermeasure against the Logjam attack
(CVE-2015-4000).
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 8 | kfreebsd-amd64 | icedtea-7-jre-jamvm | < 7u79-2.5.6-1~deb8u1 | icedtea-7-jre-jamvm_7u79-2.5.6-1~deb8u1_kfreebsd-amd64.deb |
Debian | 8 | powerpc | openjdk-7-jre | < 7u79-2.5.6-1~deb8u1 | openjdk-7-jre_7u79-2.5.6-1~deb8u1_powerpc.deb |
Debian | 8 | amd64 | libssl1.0.0-dbg | < 1.0.1k-3+deb8u1 | libssl1.0.0-dbg_1.0.1k-3+deb8u1_amd64.deb |
Debian | 7 | mips | libcrypto1.0.0-udeb | < 1.0.1e-2+deb7u17 | libcrypto1.0.0-udeb_1.0.1e-2+deb7u17_mips.deb |
Debian | 7 | i386 | libnss3-dbg | < 2:3.14.5-1+deb7u7 | libnss3-dbg_2:3.14.5-1+deb7u7_i386.deb |
Debian | 7 | amd64 | libnss3 | < 2:3.14.5-1+deb7u7 | libnss3_2:3.14.5-1+deb7u7_amd64.deb |
Debian | 7 | s390 | icedove-dbg | < 31.8.0-1~deb7u1 | icedove-dbg_31.8.0-1~deb7u1_s390.deb |
Debian | 7 | all | iceweasel-l10n-ml | < 1:31.8.0esr-1~deb7u1 | iceweasel-l10n-ml_1:31.8.0esr-1~deb7u1_all.deb |
Debian | 7 | mips | openjdk-6-jdk | < 6b36-1.13.8-1~deb7u1 | openjdk-6-jdk_6b36-1.13.8-1~deb7u1_mips.deb |
Debian | 8 | all | iceweasel-l10n-ru | < 1:31.8.0esr-1~deb8u1 | iceweasel-l10n-ru_1:31.8.0esr-1~deb8u1_all.deb |