Debian Security Advisory

DLA-33-1 openssl -- LTS security update

Date Reported:
07 Aug 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510.
More information:

Detailed descriptions of the vulnerabilities can be found at:

It's important that you upgrade the libssl0.9.8 package and not just the openssl package.

All applications linked to openssl need to be restarted. You can use the checkrestart tool from the debian-goodies package to detect affected programs. Alternatively, you may reboot your system.

For Debian 6 Squeeze, these issues have been fixed in openssl version 0.9.8o-4squeeze17