Debian OpenSSL vulnerabilities
277 known vulnerabilities affecting debian/openssl.
Total CVEs: 277
CISA KEV: 1 (actively exploited)
Public exploits: 27
Exploited in wild: 2
Severity breakdown: CRITICAL 12, HIGH 70, MEDIUM 109, LOW 84, UNKNOWN 2
Vulnerabilities
Page 11 of 14
CVE-2013-6450 | LOW | CVSS 5.8 | fixed in openssl 1.0.1e-5 (bookworm) | 2013
[MEDIUM] CVE-2013-6450: openssl
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_bo
debian
CVE-2012-2110 | HIGH | CVSS 7.5 | PoC | fixed in openssl 1.0.1a-1 (bookworm) | 2012
[HIGH] CVE-2012-2110: openssl
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by
debian
CVE-2012-2686 | MEDIUM | CVSS 5.0 | PoC | fixed in openssl 1.0.1e-1 (bookworm) | 2012
[MEDIUM] CVE-2012-2686: openssl
crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.
Scope: local
bookworm: resolved (fixed in 1.0.1e-1)
bullseye: resolved (fixed in 1.0.1e-1)
forky: resolved (fixed in 1.0.1e-1)
sid: resolved (
debian
CVE-2012-0027 | MEDIUM | CVSS 5.0 | fixed in openssl 1.0.0f-1 (bookworm) | 2012
[MEDIUM] CVE-2012-0027: openssl
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.
Scope: local
bookworm: resolved (fixed in 1.0.0f-1)
bullseye: resolved (fixed in 1.0.0f-1)
forky: resolved (fixed in 1.0.0f-1)
sid: resolved (fixe
debian
CVE-2012-0050 | MEDIUM | CVSS 4.3 | fixed in openssl 1.0.0g-1 (bookworm) | 2012
[MEDIUM] CVE-2012-0050: openssl
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
Scope: local
bookworm: resolved (fixed in 1.0.0g-1)
bullseye: resolved (fixed in 1.0.0g-1)
fo
debian
CVE-2012-2333 | MEDIUM | CVSS 6.8 | fixed in openssl 1.0.1c-1 (bookworm) | 2012
[MEDIUM] CVE-2012-2333: openssl
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Scope: l
debian
CVE-2012-2131 | LOW | CVSS 7.5 | PoC | 2012
[HIGH] CVE-2012-2131: openssl
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplet
debian
CVE-2012-4929 | LOW | CVSS 2.6 | fixed in apache2 2.2.22-12 (bookworm) | 2012
[LOW] CVE-2012-4929: apache2
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potenti
debian
CVE-2012-1165 | LOW | CVSS 5.0 | fixed in openssl 1.0.0h-1 (bookworm) | 2012
[MEDIUM] CVE-2012-1165: openssl
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Scope: local
bookworm: resolved (fixed in 1.0.0h-1)
bullseye: resolved (fixed in 1.0.0h-1
debian
CVE-2012-0884 | LOW | CVSS 5.0 | fixed in openssl 1.0.0h-1 (bookworm) | 2012
[MEDIUM] CVE-2012-0884: openssl
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
Scope: local
bookworm: resolved (fixed in 1.0.0h-1)
bullseye
debian
CVE-2011-4109 | CRITICAL | CVSS 9.3 | fixed in openssl 1.0.0c-1 (bookworm) | 2011
[CRITICAL] CVE-2011-4109: openssl
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Scope: local
bookworm: resolved (fixed in 1.0.0c-1)
bullseye: resolved (fixed in 1.0.0c-1)
forky: resolved (fixed in 1.0.0c-1)
sid: resolved (fixed in 1.0.0c-1)
trixie: re
debian
CVE-2011-3210 | MEDIUM | CVSS 5.0 | fixed in openssl 1.0.0e-1 (bookworm) | 2011
[MEDIUM] CVE-2011-3210: openssl
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
Scope: local
bookworm: resolved (fixed in 1.0.0e-1)
debian
CVE-2011-5095 | MEDIUM | CVSS 4.0 | fixed in openssl 0.9.8a-1 (bookworm) | 2011
[MEDIUM] CVE-2011-5095: openssl
The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.
Scope: local
bookworm: resolved (fixed in 0.9.8a-1)
bullseye: resolved (fixed i
debian
CVE-2011-4354 | MEDIUM | CVSS 5.8 | fixed in openssl 0.9.8o-4squeeze3 (bookworm) | 2011
[MEDIUM] CVE-2011-4354: openssl
crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple h
debian
CVE-2011-4619 | MEDIUM | CVSS 5.0 | fixed in openssl 1.0.0h-1 (bookworm) | 2011
[MEDIUM] CVE-2011-4619: openssl
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 1.0.0h-1)
bullseye: resolved (fixed in 1.0.0h-1)
forky: resolved (fixed in 1.0.0h
debian
CVE-2011-3207 | MEDIUM | CVSS 5.0 | fixed in openssl 1.0.0e-1 (bookworm) | 2011
[MEDIUM] CVE-2011-3207: openssl
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.
Scope: local
bookworm: resolved (fixed in 1.0.0e-1)
bullseye: resolved (fixed in 1.0.0e-1)
forky: resolved (fixed in 1.0.0e-1)
sid: re
debian
CVE-2011-4576 | MEDIUM | CVSS 5.0 | fixed in openssl 1.0.0f-1 (bookworm) | 2011
[MEDIUM] CVE-2011-4576: openssl
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
Scope: local
bookworm: resolved (fixed in 1.0.0f-1)
bullseye: resolved (fixed in 1.0.0f-1)
forky: resolv
debian
CVE-2011-0014 | LOW | CVSS 5.0 | fixed in openssl 0.9.8o-5 (bookworm) | 2011
[MEDIUM] CVE-2011-0014: openssl
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
Scope: local
bookworm: resolved
debian
CVE-2011-4108 | LOW | CVSS 4.3 | fixed in openssl 1.0.0f-1 (bookworm) | 2011
[MEDIUM] CVE-2011-4108: openssl
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
Scope: local
bookworm: resolved (fixed in 1.0.0f-1)
bullseye: resolved (fixed in 1.0.0f-1)
forky: resolved (fixed in 1.0.0f-1)
sid: resolved (fixed i
debian
CVE-2011-1945 | LOW | CVSS 2.6 | fixed in openssl 1.0.0e-1 (bookworm) | 2011
[LOW] CVE-2011-1945: openssl
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
Scope: l
debian