Debian OpenSSL vulnerabilities

277 known vulnerabilities affecting debian/openssl.

Total CVEs: 277
CISA KEV: 1 (actively exploited)
Public exploits: 27
Exploited in wild: 2
Severity breakdown: CRITICAL 12, HIGH 70, MEDIUM 109, LOW 84, UNKNOWN 2

Vulnerabilities

Page 9 of 14
CVE-2015-5738 | LOW | CVSS 7.5 | 2015
CVE-2015-5738 [HIGH] openssl - The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trix
debian
CVE-2015-3216 | LOW | CVSS 4.3 | 2015
CVE-2015-3216 [MEDIUM] openssl - Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of
CVE-2015-1787 | LOW | CVSS 2.6 | 2015
CVE-2015-1787 [LOW] openssl - The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resol
CVE-2015-0285 | LOW | CVSS 4.3 | 2015
CVE-2015-0285 [MEDIUM] openssl - The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack.
Scope: local; bookworm: resolved; bullseye: resolved; forky: reso
CVE-2015-0290 | LOW | CVSS 5.0 | 2015
CVE-2015-0290 [MEDIUM] openssl - The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.
Scope: local; bookworm: resolved; bullseye
CVE-2015-4000 | LOW | CVSS 3.7 | PoC | fixed in nss 2:3.19.1-1 (bookworm) | 2015
CVE-2015-4000 [LOW] nss - The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" is
CVE-2015-0291 | LOW | CVSS 5.0 | 2015
CVE-2015-0291 [MEDIUM] openssl - The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2015-0207 | LOW | CVSS 5.0 | 2015
CVE-2015-0207 [MEDIUM] openssl - The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server.
Scope: local; bookworm: resolved; bullseye: resolved; forky: r
CVE-2015-0208 | LOW | CVSS 4.3 | 2015
CVE-2015-0208 [MEDIUM] openssl - The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature.
Scope: local; bookworm: resolved; bul
CVE-2014-3567 | HIGH | CVSS 7.1 | fixed in openssl 1.0.1j-1 (bookworm) | 2014
CVE-2014-3567 [HIGH] openssl - Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Scope: local; bookworm: resolved (fixed in 1.0.1j-1); bullseye: resolved (fixed in 1.0.1j-1); for
CVE-2014-0160 | HIGH | CVSS 7.5 | KEV | PoC | fixed in openssl 1.0.1g-1 (bookworm) | 2014
CVE-2014-0160 [HIGH] openssl - The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Scope: loca
CVE-2014-3513 | HIGH | CVSS 7.1 | fixed in openssl 1.0.1j-1 (bookworm) | 2014
CVE-2014-3513 [HIGH] openssl - Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
Scope: local; bookworm: resolved (fixed in 1.0.1j-1); bullseye: resolved (fixed in 1.0.1j-1); forky: resolved (fixed in 1.0.1j-1); sid: resolved (fixed in 1.0.1j-1); trixie: resolved (f
CVE-2014-0224 | HIGH | CVSS 7.4 | PoC | fixed in openssl 1.0.1h-1 (bookworm) | 2014
CVE-2014-0224 [HIGH] openssl - OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the
CVE-2014-3512 | HIGH | CVSS 7.5 | fixed in openssl 1.0.1i-1 (bookworm) | 2014
CVE-2014-3512 [HIGH] openssl - Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.
Scope: local; bookworm: resolved (fixed in 1.0.1i-1); bullseye: resolved (fixed in 1.0.1i-1); forky
CVE-2014-8176 | HIGH | CVSS 7.5 | fixed in openssl 1.0.1h-1 (bookworm) | 2014
CVE-2014-8176 [HIGH] openssl - The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly ha
CVE-2014-0198 | MEDIUM | CVSS 4.3 | fixed in openssl 1.0.1g-4 (bookworm) | 2014
CVE-2014-0198 [MEDIUM] openssl - The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
Scope: local; bookworm: resolv
CVE-2014-3510 | MEDIUM | CVSS 4.3 | fixed in openssl 1.0.1i-1 (bookworm) | 2014
CVE-2014-3510 [MEDIUM] openssl - The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
Scope: local; boo
CVE-2014-3569 | MEDIUM | CVSS 4.3 | fixed in openssl 1.0.1k-1 (bookworm) | 2014
CVE-2014-3569 [MEDIUM] openssl - The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error h
CVE-2014-3470 | MEDIUM | CVSS 4.3 | fixed in openssl 1.0.1h-1 (bookworm) | 2014
CVE-2014-3470 [MEDIUM] openssl - The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
Scope: local; bookworm: resolved (fixed in 1.0.1h-1); bulls
CVE-2014-3508 | MEDIUM | CVSS 4.3 | fixed in openssl 1.0.1i-1 (bookworm) | 2014
CVE-2014-3508 [MEDIUM] openssl - The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_