Debian Security Advisory
DLA-144-1 polarssl -- LTS security update
- Date Reported:
- 29 Jan 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-1182.
- More information:
A vulnerability was discovered in PolarSSL, a lightweight crypto and SSL/TLS library. A remote attacker could exploit this flaw using specially crafted certificates to mount a denial of service against an application linked against the library (application crash), or potentially, to execute arbitrary code.
For Debian 6
Squeeze, these issues have been fixed in polarssl version 1.2.9-1~deb6u4