Debian Security Advisory

DLA-358-1 openssl -- LTS security update

Date Reported:
03 Dec 2015
Affected Packages:
openssl
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2015-3195.
More information:

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.