openssl - security update

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer
toolkit.

• CVE-2016-0702
  Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin
  from Technion and Tel Aviv University, and Nadia Heninger from the
  University of Pennsylvania discovered a side-channel attack which
  makes use of cache-bank conflicts on the Intel Sandy-Bridge
  microarchitecture. This could allow local attackers to recover RSA
  private keys.
• CVE-2016-0705
  Adam Langley from Google discovered a double free bug when parsing
  malformed DSA private keys. This could allow remote attackers to
  cause a denial of service or memory corruption in applications
  parsing DSA private keys received from untrusted sources.
• CVE-2016-0797
  Guido Vranken discovered an integer overflow in the BN_hex2bn and
  BN_dec2bn functions that can lead to a NULL pointer dereference and
  heap corruption. This could allow remote attackers to cause a denial
  of service or memory corruption in applications processing hex or
  dec data received from untrusted sources.
• CVE-2016-0798
  Emilia Käsper of the OpenSSL development team discovered a memory
  leak in the SRP database lookup code. To mitigate the memory leak,
  the seed handling in SRP_VBASE_get_by_user is now disabled even if
  the user has configured a seed. Applications are advised to migrate
  to the SRP_VBASE_get1_by_user function.
• CVE-2016-0799,
  CVE-2016-2842
  Guido Vranken discovered an integer overflow in the BIO_*printf
  functions that could lead to an OOB read when printing very long
  strings. Additionally the internal doapr_outch function can attempt
  to write to an arbitrary memory location in the event of a memory
  allocation failure. These issues will only occur on platforms where
  sizeof(size_t) > sizeof(int) like many 64 bit systems. This could
  allow remote attackers to cause a denial of service or memory
  corruption in applications that pass large amounts of untrusted data
  to the BIO_*printf functions.

Additionally the EXPORT and LOW ciphers were disabled since thay could
be used as part of the DROWN
(CVE-2016-0800)
and SLOTH
(CVE-2015-7575)
attacks, but note that the oldstable (wheezy) and stable (jessie)
distributions are not affected by those attacks since the SSLv2 protocol
has already been dropped in the openssl package version 1.0.0c-2.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.0.1e-2+deb7u20.

For the stable distribution (jessie), these problems have been fixed in
version 1.0.1k-3+deb8u4.

For the unstable distribution (sid), these problems will be fixed shortly.

We recommend that you upgrade your openssl packages.