Debian DSA-1763-1 : openssl - programming error
Medium Nessus Plugin ID 36090
SynopsisThe remote Debian host is missing a security-related update.
DescriptionIt was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate.
SolutionUpgrade the openssl packages.
For the old stable distribution (etch), this problem has been fixed in version 0.9.8c-4etch5 of the openssl package and in version 0.9.7k-3.1etch3 of the openssl097 package.
For the stable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny1.