Lucene search
GoogleOSV:DSA-3413-1HistoryDec 04, 2015 - 12:00 a.m.
openssl - security update
2015-12-0400:00:00
Google
osv.dev
21
0.953 High
EPSS
Percentile
99.4%
Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:
- CVE-2015-3194
Loic Jonas Etienne of Qnective AG discovered that the signature
verification routines will crash with a NULL pointer dereference if
presented with an ASN.1 signature using the RSA PSS algorithm and
absent mask generation function parameter. A remote attacker can
exploit this flaw to crash any certificate verification operation
and mount a denial of service attack. - CVE-2015-3195
Adam Langley of Google/BoringSSL discovered that OpenSSL will leak
memory when presented with a malformed X509_ATTRIBUTE structure. - CVE-2015-3196
A race condition flaw in the handling of PSK identify hints was
discovered, potentially leading to a double free of the identify
hint data.
For the oldstable distribution (wheezy), these problems have been fixed
in version 1.0.1e-2+deb7u18.
For the stable distribution (jessie), these problems have been fixed in
version 1.0.1k-3+deb8u2.
For the unstable distribution (sid), these problems have been fixed in
version 1.0.2e-1 or earlier.
We recommend that you upgrade your openssl packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openssl | eq | 1.0.1k-3 | |
| openssl | eq | 1.0.1k-3+alpha | |
| openssl | eq | 1.0.1k-3+deb8u1 |
References
Related
openvas
openvas
Debian Security Advisory DSA 3413-1 (openssl - security update)
2015-12-04 00:00:00
CentOS Update for openssl CESA-2015:2617 centos6
2015-12-15 00:00:00
Debian: Security Advisory (DSA-3413-1)
2015-12-03 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: openssl-1.0.1k-13.fc22
2015-12-14 11:54:41
[SECURITY] Fedora 23 Update: openssl-1.0.2e-1.fc23
2015-12-06 19:20:38
nessus
nessus
Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)
2015-12-15 00:00:00
Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20151214)
2015-12-16 00:00:00
OracleVM 3.3 : openssl (OVMSA-2015-0155)
2015-12-15 00:00:00
amazon
amazon
Medium: openssl
2015-12-14 10:00:00
aix
aix
Vulnerabilities in OpenSSL impact AIX
2016-01-18 10:47:32
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ AMS (CVE-2015-3194, CVE-2015-3195, CVE-2015-3196)
2018-06-15 07:05:41
debian
debian
[SECURITY] [DSA 3413-1] openssl security update
2015-12-04 07:43:46
[SECURITY] [DSA 3413-1] openssl security update
2015-12-04 07:43:46
[SECURITY] [DLA 358-1] openssl security update
2015-12-03 22:20:02
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:26.openssl
2015-12-06 00:00:00
centos
centos
openssl security update
2015-12-14 11:00:46
openssl security update
2015-12-14 23:02:16
redhat
redhat
(RHSA-2015:2617) Moderate: openssl security update
2015-12-14 00:00:00
(RHSA-2015:2616) Moderate: openssl security update
2015-12-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1q-alt1
2015-12-17 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 1.0.1q-alt1
2015-12-17 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1q-alt1
2015-12-17 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerability
2015-12-05 13:03:58
cloudfoundry
cloudfoundry
USN-2830-1 OpenSSL vulnerability | Cloud Foundry
2016-01-07 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2015-12-07 00:00:00
f5
f5
SOL90542710 - OpenSSL vulnerabilities CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, and CVE-2015-1794
2015-12-03 00:00:00
K55540723 : OpenSSL vulnerability CVE-2015-3196
2015-12-04 00:00:00
SOL55540723 - OpenSSL vulnerability CVE-2015-3196
2015-12-04 00:00:00
freebsd
freebsd
openssl -- multiple vulnerabilities
2015-12-03 00:00:00
libressl -- NULL pointer dereference
2015-12-03 00:00:00
slackware
slackware
[slackware-security] openssl
2015-12-16 06:25:41
symantec
symantec
SA105 : OpenSSL Vulnerabilities 3-Dec-2015
2015-12-10 08:00:00
archlinux
archlinux
openssl lib32-openssl: multiple issues
2015-12-05 00:00:00
fortinet
fortinet
OpenSSL Advisory - December 2015
2015-12-10 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
2015-12-04 17:38:00
nodejsblog
nodejsblog
December Security Release Summary
2015-12-04 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2016-01-29 00:00:00
oraclelinux
oraclelinux
openssl security update
2016-03-01 00:00:00
prion
prion
Race condition
2015-12-06 20:59:00
Null pointer dereference
2015-12-06 20:59:00
Information disclosure
2015-12-06 20:59:00
nvd
nvd
veracode
veracode
Denial Of Service (DoS)
2017-02-10 01:05:59
Denial Of Service (DoS)
2019-01-15 09:09:04
Denial Of Service (DoS)
2017-02-10 01:29:07
openssl
openssl
Vulnerability in OpenSSL CVE-2015-3196
2015-12-03 00:00:00
Vulnerability in OpenSSL CVE-2015-3194
2015-12-03 00:00:00
Vulnerability in OpenSSL CVE-2015-3195
2015-12-03 00:00:00
debiancve
debiancve
cvelist
cvelist
cve
cve
ubuntucve
ubuntucve
checkpoint_advisories
checkpoint_advisories
osv
osv
openssl - security update
2015-12-03 00:00:00