1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2981-1] polarssl security update

    From Salvatore Bonaccorso@1:229/2 to All on Fri Jul 18 17:30:03 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2981-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso
    July 18, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : polarssl
    CVE ID : CVE-2014-4911
    Debian Bug : 754655

    A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS
    library, which can be exploited by a remote unauthenticated attacker to
    mount a denial of service against PolarSSL servers that offer GCM
    ciphersuites. Potentially clients are affected too if a malicious server decides to execute the denial of service attack against its clients.

    For the stable distribution (wheezy), this problem has been fixed in
    version 1.2.9-1~deb7u3.

    For the testing distribution (jessie), this problem has been fixed in
    version 1.3.7-2.1.

    For the unstable distribution (sid), this problem has been fixed in
    version 1.3.7-2.1.

    We recommend that you upgrade your polarssl packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJTyTxWAAoJEAVMuPMTQ89EOtgP/jQTbv+uZvjTH1pW9YWdRifE 1u1uqWvBhMySn/SpOi1M8gG8SbI0J3Zf2hhe619GWQTizIGyCsDf912j5EYMPZct U+4GkGZvH6JSREHFHgzsj4Y284mO6tr4gEmx053tx1JyY4ZE4QCDwVWjXUw/jl6e vi68m4vf/ul3Bo0oo4eivkAVewQf8zCf4M/nvpL0vKVRVzBaca8K9tEWNdN5vYvJ MfjF35k6QmHlx1ntr9QwwaUPvuzhDE83CXtdNqKHvIiu31Q1sH7fDWHb+2EXQnJZ qAa9a4Xz/cCNHNDYJdZKMqQ801b/FAE+WpMv/p+iKZJ+b8Qe4hi1jxnZFSCI8s5S IAOiyM/xETZGjqywWxIzU8WBvYVRWZX82wL01Pq0uNMhNpdLC1PAV0ayi//4z0iK Ep6O70bCAqxEUpNv71CWJdP/uZg38PCNiDgnV4Il6bXPVpW13l3nWzDKvQmLepdg 32CJ2b93HG4oB9dK5PrAAXsI4q9H0pJihF4oSzqYrxvtk6kN5QGszTguCWNh0zlg VGgejjww5zKO9vyJdaDoiCn+qBVL08FlTPEMBArulh3R+6D1ih8ftPDlZbNRVQXb FCPqqZRIeIGBMPGGwmaTMrlC3QGjhJILJxqu5/SpCqGlG+/90cYDrlOwB/9oXtNn uDyFK2A4oQPutCpJLH91
    =/4R/
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)