[Pkg-openssl-devel] Bug#603709: openssl: CVE-2010-3864
Marcos Marado
mindboosternoori at gmail.com
Tue Nov 16 17:26:33 UTC 2010
Package: openssl
Version: 0.9.8g-15+lenny8
Severity: normal
According to http://www.openssl.org/news/secadv_20101116.txt openssl 0.9.8g (in
lenny) and 0.9.8o (in squeeze and sid) are vulnerable to CVE-2010-3864.
The link indicates that 0.9.8p fixes this issue, and also includes patches for
fixing the problem in any other 0.9.8 version.
Still according to the link, this vulnerability "can be exploited in a buffer
overrun attack".
Best regards,
-- System Information:
Debian Release: 5.0.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-bpo.5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssl depends on:
ii libc6 2.11.2-6 Embedded GNU C Library: Shared lib
ii libssl0.9.8 0.9.8n-1 SSL shared libraries
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
openssl recommends no packages.
Versions of packages openssl suggests:
ii ca-certificates 20080809 Common CA certificates
-- no debconf information