OSV:DLA-177-1
Mar 20, 2015 - 12:00 a.m.

openssl - security update

2015-03-20 00:00:00
Google
osv.dev

CVSS2: 7.5 High

  Access Vector:          NETWORK
  Access Complexity:      LOW
  Authentication:         NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact:       PARTIAL
  Availability Impact:    PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:

  • CVE-2015-0209
    It was discovered that a malformed EC private key might result in
    memory corruption.
  • CVE-2015-0286
    Stephen Henson discovered that the ASN1_TYPE_cmp() function
    can be crashed, resulting in denial of service.
  • CVE-2015-0287
    Emilia Kaesper discovered a memory corruption in ASN.1 parsing.
  • CVE-2015-0288
    It was discovered that missing input sanitising in the
    X509_to_X509_REQ() function might result in denial of service.
  • CVE-2015-0289
    Michal Zalewski discovered a NULL pointer dereference in the
    PKCS#7 parsing code, resulting in denial of service.
  • CVE-2015-0292
    It was discovered that missing input sanitising in base64 decoding
    might result in memory corruption.
  • CVE-2015-0293
    A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
    servers that both support SSLv2 and enable export cipher suites by sending
    a specially crafted SSLv2 CLIENT-MASTER-KEY message.

For Debian 6 Squeeze, these issues have been fixed in openssl version 0.9.8o-4squeeze20.
