Debian Security Advisory DSA 465-1 (openssl,openssl094,openssl095)

The remote host is missing an update to openssl,openssl094,openssl095 announced via advisory DSA 465-1.

Two vulnerabilities were discovered in openssl, an implementation of the SSL protocol, using the Codenomicon TLS Test Tool. More information can be found in the following NISCC Vulnerability Advisory: http://www.uniras.gov.uk/vuls/2004/224012/index.htm and this OpenSSL advisory: http://www.openssl.org/news/secadv_20040317.txt - CVE-2004-0079 - null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. - CVE-2004-0081 - a bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop). For the stable distribution (woody) these problems have been fixed in openssl version 0.9.6c-2.woody.6, openssl094 version 0.9.4-6.woody.4 and openssl095 version 0.9.5a-6.woody.5. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you update your openssl package.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20465-1