The remote Debian host is missing a security-related update.
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-0286 Stephen Henson discovered that the ASN1_TYPE_cmp() function can be crashed, resulting in denial of service. - CVE-2015-0287 Emilia Kaesper discovered a memory corruption in ASN.1 parsing. - CVE-2015-0289 Michal Zalewski discovered a NULL pointer dereference in the PKCS#7 parsing code, resulting in denial of service. - CVE-2015-0292 It was discovered that missing input sanitising in base64 decoding might result in memory corruption. - CVE-2015-0209 It was discovered that a malformed EC private key might result in memory corruption. - CVE-2015-0288 It was discovered that missing input sanitising in the X509_to_X509_REQ() function might result in denial of service.
Upgrade the openssl packages. For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u15. In this update the export ciphers are removed from the default cipher list.