openssl - denial of service

Debian Security Advisory

DSA-393-1 openssl -- denial of service

Date Reported:
01 Oct 2003
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CAN-2003-0543, CAN-2003-0544.
More information:

Dr. Stephen Henson, using a test suite provided by NISCC, discovered a number of errors in the OpenSSL ASN1 code. Combined with an error that causes the OpenSSL code to parse client certificates even when it should not, these errors can cause a denial of service (DoS) condition on a system using the OpenSSL code, depending on how that code is used. For example, even though apache-ssl and ssh link to OpenSSL libraries, they should not be affected by this vulnerability. However, other SSL-enabled applications may be vulnerable and an OpenSSL upgrade is recommended.

For the current stable distribution (woody) these problems have been fixed in version 0.9.6c-2.woody.4.

For the unstable distribution (sid) these problems have been fixed in version 0.9.7c-1.

We recommend that you update your openssl package. Note that you will need to restart services which use the libssl library for this update to take effect.
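
The restart requirement can be checked mechanically: a process started before the upgrade keeps the old library mapped, and Linux marks that mapping "(deleted)" in /proc/<pid>/maps. The script below is an added example, not part of the advisory; it assumes a Linux /proc that provides per-process maps and comm files, and the function names stale_ssl_maps and scan_proc are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes that still map a
# libssl/libcrypto file that has been replaced on disk, i.e. services that
# were not restarted after the openssl upgrade.

# stale_ssl_maps: read a /proc/<pid>/maps listing on stdin and print each
# distinct libssl/libcrypto path whose mapping is marked "(deleted)".
stale_ssl_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' |
        sort -u
}

# scan_proc [ROOT]: walk a proc-style tree (default /proc) and print
# "pid<TAB>name<TAB>library" for every process holding a stale mapping.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -e "$maps" ] || continue
        # Other users' maps may be unreadable without root; skip them quietly.
        hits=$(cat "$maps" 2>/dev/null | stale_ssl_maps) || continue
        [ -n "$hits" ] || continue
        pid=${maps%/maps}
        pid=${pid##*/}
        name=$(cat "$root/$pid/comm" 2>/dev/null || echo '?')
        # Assumption: library paths contain no whitespace.
        for lib in $hits; do
            printf '%s\t%s\t%s\n' "$pid" "$name" "$lib"
        done
    done
}

# Run as root to see every process; any line printed is a service to restart.
scan_proc "${1:-/proc}"
```

An empty result means no running process still holds the replaced library.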

Fixed in:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.
