Debian Security Advisory 2454-1

Debian Security Advisory 2454-1: Posted Apr 20, 2012; Authored by Debian | Site debian.org; Debian Linux Security Advisory 2454-1 - Multiple vulnerabilities have been found in OpenSSL. Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA). It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow.; tags | advisory, denial of service, overflow, vulnerability; systems | linux, debian; advisories | CVE-2012-0884, CVE-2012-1165, CVE-2012-2110; SHA-256 | 825c0a8ae8ea8fbf2a20faf45cd58f27b84d9a4a1fa4c787cb05063d8a84342e; Download | Favorite | View

Debian Security Advisory 2454-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2454-1                   security@debian.org
http://www.debian.org/security/                          Raphael Geissert
April 19, 2012                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
Vulnerability  : multiple
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-0884 CVE-2012-1165 CVE-2012-2110

Multiple vulnerabilities have been found in OpenSSL. The Common
Vulnerabilities and Exposures project identifies the following issues:

CVE-2012-0884

  Ivan Nestlerode discovered a weakness in the CMS and PKCS #7
  implementations that could allow an attacker to decrypt data
  via a Million Message Attack (MMA).

CVE-2012-1165

  It was discovered that a NULL pointer could be dereferenced
  when parsing certain S/MIME messages, leading to denial of
  service.

CVE-2012-2110

  Tavis Ormandy, Google Security Team, discovered a vulnerability
  in the way DER-encoded ASN.1 data is parsed that can result in
  a heap overflow.


Additionally, the fix for CVE-2011-4619 has been updated to address an
issue with SGC handshakes.

For the stable distribution (squeeze), these problems have been fixed in
version 0.9.8o-4squeeze11.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.1a-1.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk+QgdEACgkQYy49rUbZzlrPxACgmA4me/ZAVZS/TDIifkHgiU9q
x/QAn0pU8BwEFv8ugmm746OX7jDQMnYP
=JCSE
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 2454-1

Debian Security Advisory 2454-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 2454-1

Share This

Debian Security Advisory 2454-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems