Debian Security Advisory
DLA-33-1 openssl -- LTS security update
- Date Reported:
- 07 Aug 2014
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510.
- More information:
Detailed descriptions of the vulnerabilities can be found at: https://www.openssl.org/news/secadv_20140806.txt
It's important that you upgrade the libssl0.9.8 package and not just the openssl package.
All applications linked to openssl need to be restarted. You can use the
checkrestarttool from the debian-goodies package to detect affected programs. Alternatively, you may reboot your system.
For Debian 6
Squeeze, these issues have been fixed in openssl version 0.9.8o-4squeeze17