[SECURITY] [DLA 358-1] openssl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 358-1] openssl security update
From: Kurt Roeckx <kurt@roeckx.be>
Date: Thu, 3 Dec 2015 23:20:02 +0100
Message-id: <[🔎] 20151203222001.GA8433@roeckx.be>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : openssl
Version        : 0.9.8o-4squeeze22
CVE ID         : CVE-2015-3195

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected.



Kurt

Attachment: signature.asc
Description: PGP signature

Reply to:

debian-lts-announce@lists.debian.org
Kurt Roeckx (on-list)
Kurt Roeckx (off-list)

Next by Date: [SECURITY] [DLA 361-1] bouncycastle security update
Next by thread: [SECURITY] [DLA 361-1] bouncycastle security update
Index(es):
- Date
- Thread