CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AI Score: 8.7 High
Confidence: High
EPSS: 0.9 High
Percentile: 98.8%
Debian Security Advisory DSA-2833-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
January 01, 2014 http://www.debian.org/security/faq
Package : openssl
Vulnerability : several
Problem type : local
Debian-specific: no
CVE ID : CVE-2013-6449 CVE-2013-6450
Debian Bug : 732754 732710
Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support
was susceptible to denial of service, and retransmission of DTLS messages
was fixed. In addition, this update disables the insecure Dual_EC_DRBG
algorithm (which was unused anyway, see
http://marc.info/?l=openssl-announce&m=138747119822324&w=2 for further
information) and no longer uses the RdRand feature available on some
Intel CPUs as a sole source of entropy unless explicitly requested.

For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.1e-5.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | powerpc | libcrypto1.0.0-udeb | < 1.0.1e-2+deb7u1 | libcrypto1.0.0-udeb_1.0.1e-2+deb7u1_powerpc.deb |
Debian | 7 | powerpc | libssl-dev | < 1.0.1e-2+deb7u1 | libssl-dev_1.0.1e-2+deb7u1_powerpc.deb |
Debian | 7 | ia64 | libssl1.0.0-dbg | < 1.0.1e-2+deb7u1 | libssl1.0.0-dbg_1.0.1e-2+deb7u1_ia64.deb |
Debian | 7 | s390x | openssl | < 1.0.1e-2+deb7u1 | openssl_1.0.1e-2+deb7u1_s390x.deb |
Debian | 7 | amd64 | openssl | < 1.0.1e-2+deb7u1 | openssl_1.0.1e-2+deb7u1_amd64.deb |
Debian | 7 | s390 | libssl-dev | < 1.0.1e-2+deb7u1 | libssl-dev_1.0.1e-2+deb7u1_s390.deb |
Debian | 7 | i386 | libssl1.0.0 | < 1.0.1e-2+deb7u1 | libssl1.0.0_1.0.1e-2+deb7u1_i386.deb |
Debian | 7 | kfreebsd-amd64 | libssl1.0.0 | < 1.0.1e-2+deb7u1 | libssl1.0.0_1.0.1e-2+deb7u1_kfreebsd-amd64.deb |
Debian | 7 | mips | libssl1.0.0-dbg | < 1.0.1e-2+deb7u1 | libssl1.0.0-dbg_1.0.1e-2+deb7u1_mips.deb |
Debian | 7 | ia64 | libcrypto1.0.0-udeb | < 1.0.1e-2+deb7u1 | libcrypto1.0.0-udeb_1.0.1e-2+deb7u1_ia64.deb |