Christopher Ness wrote:
In this specific case I would encourage you to install the testing package IF you are worried about your SSL installation. It is your best bet against getting cracked.
By my reading of the relevant advisories, this flaw doesn't involve any risk of being cracked, it just opens you up to potential DoSing.
This makes the need for an immediate upgrade less pressing than a more dangerous bug would, depending on your needs for constant uptime and the likelihood of someone targeting you.
You should always make a note of what the potential effects of an exploit are... despite a certain OS vendor's recent track record, not every security flaw results in system compromise.
---------------------------------------- Technical Cyber Security Alert TA04-078A
Multiple Vulnerabilities in OpenSSL Original release date: March 18, 2004 Last revised: -- Source: US-CERT
Systems Affected
* Applications and systems that use the OpenSSL SSL/TLS libraryOverview Several vulnerabilities in the OpenSSL SSL/TLS library could allow an unauthenticated, remote attacker to cause a denial of service. ----------------------------------------
