Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29976
HistoryOct 28, 2013 - 12:00 a.m.

[SECURITY] [DSA 2782-1] polarssl security update

2013-10-2800:00:00
vulners.com
31
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2782-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
October 20, 2013 http://www.debian.org/security/faq

Package : polarssl
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-4623 CVE-2013-5914 CVE-2013-5915

Multiple security issues have been discovered in PolarSSL, a lightweight
crypto and SSL/TLS library:

CVE-2013-4623

Jack Lloyd discovered a denial of service vulnerability in the 
parsing of PEM-encoded certificates.

CVE-2013-5914

Paul Brodeur and TrustInSoft discovered a buffer overflow in the
ssl_read_record() function, allowing the potential execution of
arbitrary code.

CVE-2013-5915

Cyril Arnaud and Pierre-Alain Fouque discovered timimg attacks against
the RSA implementation.

For the oldstable distribution (squeeze), these problems will be fixed in
version 1.2.9-1~deb6u1 soon (due to a technical limitation the updates
cannot be released synchronously).

For the stable distribution (wheezy), these problems have been fixed in
version 1.2.9-1~deb7u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.3.1-1.

We recommend that you upgrade your polarssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlJkB2wACgkQXm3vHE4uylpw4wCgviIBtPeDGMTJnYSKl+Nts1wl
hQsAoMMlNgR/ksIHwiSoiIVla+xTyRTE
=sY+z
-----END PGP SIGNATURE-----

Related

debian 1
openvas 18
osv 1
securityvulns 1
nessus 12
fedora 15
ubuntucve 3
cve 3
mageia 2
prion 3
freebsd 2
gentoo 1
debian
debian
[SECURITY] [DSA 2782-1] polarssl security update
2013-10-20 16:41:19
openvas
openvas
Debian Security Advisory DSA 2782-1 (polarssl - several vulnerabilities)
2013-10-20 00:00:00
Debian Security Advisory DSA 2782-1 (polarssl - several vulnerabilities)
2013-10-20 00:00:00
Fedora Update for polarssl FEDORA-2013-18228
2013-10-15 00:00:00
osv
osv
polarssl - several
2013-10-20 00:00:00
securityvulns
securityvulns
PolarSSL multiple security vulnerabilities
2013-10-28 00:00:00
nessus
nessus
Debian DSA-2782-1 : polarssl - several vulnerabilities
2013-10-22 00:00:00
Fedora 19 : polarssl-1.2.9-1.fc19 (2013-18228)
2013-10-15 00:00:00
Fedora 20 : polarssl-1.2.10-2.fc20 (2014-7263)
2014-06-20 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: polarssl-1.2.10-2.fc19
2014-06-19 22:57:44
[SECURITY] Fedora 20 Update: polarssl-1.2.9-1.fc20
2013-10-10 14:46:18
[SECURITY] Fedora 20 Update: polarssl-1.2.10-2.fc20
2014-06-19 22:55:06
ubuntucve
ubuntucve
CVE-2013-5915
2013-10-04 00:00:00
CVE-2013-5914
2013-10-26 00:00:00
CVE-2013-4623
2013-09-30 00:00:00
cve
cve
CVE-2013-5914
2013-10-26 17:55:00
CVE-2013-5915
2013-10-04 17:55:00
CVE-2013-4623
2013-09-30 22:55:00
mageia
mageia
Updated polarssl, pdns & ragel packages fix CVE-2013-5915
2013-12-01 01:15:26
Updated polarssl package fixes security vulnerabilities
2013-09-25 01:41:53
prion
prion
Buffer overflow
2013-10-26 17:55:00
Design/Logic Flaw
2013-10-04 17:55:00
Design/Logic Flaw
2013-09-30 22:55:00
freebsd
freebsd
polarssl -- Timing attack against protected RSA-CRT implementation
2013-10-01 00:00:00
polarssl -- denial of service vulnerability
2013-06-21 00:00:00
gentoo
gentoo
PolarSSL: Multiple vulnerabilities
2013-10-17 00:00:00
JSON
Related for SECURITYVULNS:DOC:29976
debian1openvas18osv1securityvulns1nessus12fedora15ubuntucve3cve3mageia2prion3freebsd2gentoo1