Debian Wolfssl vulnerabilities
93 known vulnerabilities affecting debian/wolfssl.
Total CVEs: 93
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 22, MEDIUM 35, LOW 26
Vulnerabilities
Page 5 of 5
CVE-2015-6925 | HIGH | CVSS 7.5 | fixed in wolfssl 3.9.10+dfsg-1 (bookworm) | 2015
wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.
Scope: local
bookworm: resolved (fixed in 3.9.10+dfsg-1)
bullseye: resolved (fixed in 3.9.10+dfsg-1)
forky: resolved (fixed in 3.9.10+dfsg-1)
sid: resolved (fixed in 3.9.10+dfsg-
debian
CVE-2015-7744 | MEDIUM | CVSS 5.9 | fixed in wolfssl 3.9.10+dfsg-1 (bookworm) | 2015
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
Scope: local
bookworm: resolved (
debian
CVE-2014-2901 | HIGH | CVSS 7.5 | fixed in wolfssl 3.4.8+dfsg-1 (bookworm) | 2014
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.
Scope: local
bookworm: resolved (fixed in 3.4.8+dfsg-1)
bullseye: resolved (fixed in 3.4.8+dfsg-1)
forky: resolved (fixed in 3.4.8+dfsg-1)
sid: resolved (fixed in 3.4.8+dfsg-1)
trixie: resolved (fixed in 3.4.8+dfsg-1)
debian
CVE-2014-2904 | HIGH | CVSS 7.5 | fixed in wolfssl 3.4.8+dfsg-1 (bookworm) | 2014
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.
Scope: local
bookworm: resolved (fixed in 3.4.8+dfsg-1)
bullseye: resolved (fixed in 3.4.8+dfsg-1)
forky: resolved (fixed in 3.4.8+dfsg-1)
sid: resolved (fixed in 3.4.8+dfsg-1)
trixie: resolved (fixed in 3.4.8+dfsg-1)
debian
CVE-2014-2902 | HIGH | CVSS 7.5 | fixed in wolfssl 3.4.8+dfsg-1 (bookworm) | 2014
wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.
Scope: local
bookworm: resolved (fixed in 3.4.8+dfsg-1)
bullseye: resolved (fixed in 3.4.8+dfsg-1)
forky: resolved (fixed in 3.4.8+dfsg-1)
sid: resolved (fixed in 3.4.8+dfsg-1)
trixie: resolved (fixed in 3.4.8+dfsg-1)
debian
CVE-2014-2903 | MEDIUM | CVSS 5.9 | fixed in wolfssl 3.4.8+dfsg-1 (bookworm) | 2014
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
Scope: local
bookworm: resolved (fixed in 3.4.8+dfsg-1)
bullseye: resolved (fixed in 3.4.8+dfsg-1)
forky: resolved (fixed in 3.4.8+dfsg-1)
sid: resolved (fixed in 3.4.8+dfs
debian
CVE-2014-3566 | LOW | CVSS 3.4 | PoC | fixed in erlang 1:17.3-dfsg-3 (bookworm) | 2014
CVE-2014-3566 [LOW] CVE-2014-3566: bouncycastle - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses...
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2014-6491 | LOW | CVSS 7.5 | 2014
CVE-2014-6491 [HIGH] CVE-2014-6491: wolfssl - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 a...
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2014-6496 | LOW | CVSS 4.3 | 2014
CVE-2014-6496 [MEDIUM] CVE-2014-6496: wolfssl - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 ...
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2014-6478 | LOW | CVSS 4.3 | 2014
CVE-2014-6478 [MEDIUM] CVE-2014-6478: wolfssl - Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 ...
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2014-6500 | LOW | CVSS 7.5 | 2014
CVE-2014-6500 [HIGH] CVE-2014-6500: wolfssl - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 ...
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2014-6494 | LOW | CVSS 4.3 | 2014
CVE-2014-6494 [MEDIUM] CVE-2014-6494: wolfssl - Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 ...
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2014-6495 | LOW | CVSS 4.3 | 2014
CVE-2014-6495 [MEDIUM] CVE-2014-6495: wolfssl - Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 ...
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian