Debian Security Advisory

DLA-144-1 polarssl -- LTS security update

Date Reported: 29 Jan 2015
Affected Packages: polarssl
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2015-1182.
More information:

A vulnerability was discovered in PolarSSL, a lightweight crypto and SSL/TLS library. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library (application crash), or potentially, to execute arbitrary code.

For Debian 6 Squeeze, this issue has been fixed in polarssl version 1.2.9-1~deb6u4.