Anton Johansson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference. The oldstable distribution (squeeze) is not affected.

For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u3. For the unstable distribution (sid), this problem has been fixed in version 1.0.1f-1. We recommend that you upgrade your openssl packages.

This package contains the openssl binary and related tools.

openssl on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2014/dsa-2837.html

---

Updated on 2015-03-25