|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 2782-1 (polarssl - several vulnerabilities)|
|Summary:||Multiple security issues have been discovered in PolarSSL, a lightweight crypto and SSL/TLS library. CVE-2013-4623: Jack Lloyd discovered a denial of service vulnerability in the parsing of PEM-encoded certificates. CVE-2013-5914: Paul Brodeur and TrustInSoft discovered a buffer overflow in the ssl_read_record() function, allowing the potential execution of arbitrary code. CVE-2013-5915: Cyril Arnaud and Pierre-Alain Fouque discovered timing attacks against the RSA implementation.|
Multiple security issues have been discovered in PolarSSL, a lightweight
crypto and SSL/TLS library:
CVE-2013-4623
Jack Lloyd discovered a denial of service vulnerability in the
parsing of PEM-encoded certificates.
CVE-2013-5914
Paul Brodeur and TrustInSoft discovered a buffer overflow in the
ssl_read_record() function, allowing the potential execution of
arbitrary code.
CVE-2013-5915
Cyril Arnaud and Pierre-Alain Fouque discovered timing attacks against
the RSA implementation.
polarssl on Debian Linux
For the oldstable distribution (squeeze), these problems will be fixed in
deb6u1 soon (due to a technical limitation the updates
cannot be released synchronously).
For the stable distribution (wheezy), these problems have been fixed in
For the unstable distribution (sid), these problems have been fixed in
We recommend that you upgrade your polarssl packages.
Common Vulnerability Exposure (CVE) ID: CVE-2013-5914
Debian Security Information: DSA-2782
Common Vulnerability Exposure (CVE) ID: CVE-2013-4623
BugTraq ID: 61764
Common Vulnerability Exposure (CVE) ID: CVE-2013-5915
BugTraq ID: 62771
|Copyright||Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net|