polarssl - security update

2015-01-2400:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

A vulnerability was discovered in PolarSSL, a lightweight crypto and
SSL/TLS library. A remote attacker could exploit this flaw using
specially crafted certificates to mount a denial of service against an
application linked against the library (application crash), or
potentially, to execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in
version 1.2.9-1~deb7u5.

For the upcoming stable distribution (jessie) and the unstable
distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your polarssl packages.

CPENameOperatorVersion
polarssleq1.2.9-1~deb7u4
polarssleq1.2.6-1
polarssleq1.1.4-2
polarssleq1.2.8-1
polarssleq1.2.7-1
polarssleq1.2.9-1~deb6u4
polarssleq1.2.9-1~deb6u1
polarssleq1.2.3-1
polarssleq1.2.9-1~deb6u2
polarssleq1.2.9-1~deb6u5

Name	Operator	Version
polarssl	eq	1.2.9-1~deb7u4
polarssl	eq	1.2.6-1
polarssl	eq	1.1.4-2
polarssl	eq	1.2.8-1
polarssl	eq	1.2.7-1
polarssl	eq	1.2.9-1~deb6u4
polarssl	eq	1.2.9-1~deb6u1
polarssl	eq	1.2.3-1
polarssl	eq	1.2.9-1~deb6u2
polarssl	eq	1.2.9-1~deb6u5