Lucene search

K
debianDebianDEBIAN:SSL-:00C17
HistoryJun 20, 2014 - 4:35 p.m.

openssl security update

2014-06-2016:35:50
lists.debian.org
67

EPSS

0.973

Percentile

99.9%

Package: openssl
Version: 0.9.8o-4squeeze16
CVE ID: CVE-2014-0224 CVE-2012-4929

CVE-2014-0224

This update updates the upstream fix for CVE-2014-0224 to address
problems with renegotiation under some conditions.

original text:
KIKUCHI Masashi discovered that carefully crafted handshakes can
force the use of weak keys, resulting in potential man-in-the-middle
attacks.

CVE-2012-4929

ZLIB compression is now disabled by default.  If you need
to re-enable it for some reason, you can set the environment
variable OPENSSL_NO_DEFAULT_ZLIB.

It's important that you upgrade the libssl0.9.8 package and not
just the openssl package.

All applications linked to openssl need to be restarted. You can
use the tool checkrestart from the package debian-goodies to
detect affected programs or reboot your system.

Kurt