Debian Long Term Support / LTS Security Information / 2014 / Security Information -- DLA-33-1 openssl

Debian Security Advisory

DLA-33-1 openssl -- LTS security update

Date Reported:

07 Aug 2014

Affected Packages:

openssl

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510.

More information:

Detailed descriptions of the vulnerabilities can be found at: https://www.openssl.org/news/secadv_20140806.txt

It's important that you upgrade the libssl0.9.8 package and not just the openssl package.

All applications linked to openssl need to be restarted. You can use the checkrestart tool from the debian-goodies package to detect affected programs. Alternatively, you may reboot your system.

For Debian 6 Squeeze, these issues have been fixed in openssl version 0.9.8o-4squeeze17