Debian Security Advisory DSA 2100-1 (openssl) Network Vulnerability

Summary

The remote host is missing an update to openssl announced via advisory DSA 2100-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202100-1

Insight

George Guninski discovered a double free in the ECDH code of the OpenSSL crypto library, which may lead to denial of service and potentially the execution of arbitrary code. For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny8. For the unstable distribution (sid), this problem has been fixed in version 0.9.8o-2. We recommend that you upgrade your openssl packages.

Severity

Classification

CVE CVE-2010-2939

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Debian Security Advisory DSA 001-1 (ed)
Debian Security Advisory DSA 1010-1 (ilohamail)
Debian Security Advisory DSA 052-1 (sendfile)
Debian Security Advisory DSA 1111-2 (kernel-source-2.6.8 et. al.)
Debian Security Advisory DSA 036-1 (mc)

Take action and discover your vulnerabilities