-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2896-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso April 07, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssl CVE ID : CVE-2014-0160 Debian Bug : 743883 A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Hearbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory. All users are urged to upgrade their openssl packages (especially libssl1.0.0) and restart applications as soon as possible. According to the currently available information, private keys should be considered as compromised and regenerated as soon as possible. More details will be communicated at a later time. The oldstable distribution (squeeze) is not affected by this vulnerability. For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u5. For the testing distribution (jessie), this problem has been fixed in version 1.0.1g-1. For the unstable distribution (sid), this problem has been fixed in version 1.0.1g-1. We recommend that you upgrade your openssl packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTQxo1AAoJEAVMuPMTQ89ETBUP/0uAYS84ABbzCu16ZTHuCwk5 uVounKYCUbTVKxr/cTU8LzMbJo8Bhj3yQ47GUak6DlxzxVfsDXiEp2Q0/HV552Dm gIoFQ1VpsQlCrmKLI1bINN9FYq28lAsfoo9xg4qtt/XrXzBfW98mlrQji/t4GBk2 ZYuRZxSDmrdNBH9QHzEESFZa4dDznDs2ZRqj9TjrFc3UM3tzsA22DR5N0hVjygQH v/zud7A289u+cHG8SmnSI61y4+SCHcqHDegQhNmQkVBDL7M8Jsdgh8ocLsWQnn6f Fn63upGG44sh4MaTXSShNbJAcXiYdIBr0S6yjISxH49G28aEAgl//JsvgIS7zRua lvW/dYQ2QrgkBjixwLmPoggRaWjSUZ/pUrobVcPGkmXXIC2ee5YSFwEL3Lp/idOW 8u86A2mdVVVRmaP1xTRBKDzQ526T2JheulvCOBjWAk4APQDTd7yAaF4QJWr8SmCl CGL9AH2Rs+Y8Kt9jjXgz53Nl93DUMasSRtiQTBIanPGFokmyj10nmUw2XswZjExK 6Mi/hjFmLPn4oPZNn3q0ibFoFSoh8TNkvdlpAeUXeuVriOl4e246hitMaHz+1EUb oXHfSJOLdJRt/q0K7uOYzp7CwHILqPAohdDAG6QDFhZ+RxLo8nA8s4eALq75oHtV 7CY2KZqDzude99PH/N4B =G+xD -----END PGP SIGNATURE-----