Debian Security Advisory DSA 1185-2 (openssl)

Information

Severity

High

Family

Debian Local Security Checks

CVSSv2 Base

7.8

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Solution Type

Vendor Patch

Created

14 years ago

Modified

5 years ago

Summary

The remote host is missing an update to openssl announced via advisory DSA 1185-2. The fix used to correct CVE-2006-2940 introduced code that could lead to the use of uninitialized memory. Such use is likely to cause the application using the openssl library to crash, and has the potential to allow an attacker to cause the execution of arbitrary code.

Solution

For the stable distribution (sarge) these problems have been fixed in version 0.9.7e-3sarge4. For the unstable and testing distributions (sid and etch, respectively), these problems will be fixed in version 0.9.7k-3 of the openssl097 compatibility libraries, and version 0.9.8c-3 of the openssl package. We recommend that you upgrade your openssl package. Note that https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201185-2

Common Vulnerabilities and Exposures (CVE)