Summary
The remote host is missing an update to openssl
announced via advisory DSA 2392-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202392-1
Insight
Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue.
For the oldstable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny16.
For the stable distribution (squeeze), this problem has been fixed in version 0.9.8o-4squeeze7.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1.0.0g-1.
We recommend that you upgrade your openssl packages.
Severity
Classification
-
CVE CVE-2012-0050 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities