1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3437-1] gnutls26 security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Jan 9 13:20:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3437-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 09, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : gnutls26
    CVE ID : CVE-2015-7575

    Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in
    the TLS 1.2 protocol which could allow the MD5 hash function to be used
    for signing ServerKeyExchange and Client Authentication packets during a
    TLS handshake. A man-in-the-middle attacker could exploit this flaw to
    conduct collision attacks to impersonate a TLS server or an
    authenticated TLS client.

    More information can be found at
    https://www.mitls.org/pages/attacks/SLOTH

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 2.12.20-8+deb7u5.

    We recommend that you upgrade your gnutls26 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJWkPbrAAoJEAVMuPMTQ89E+qIQAJ1oiUBHGjSqV/gzponGHBu8 QlwJiStNNWEcK/f9yX7dJvaIaFaYCXVd8Q/98vOa2C7PSgYhm2/OfJHXegtU8eNK lblnMP1SXZd+SuwTLcN0eotAL9dAQyMyxaqKYRP6U+7ikbqdqZpJAEZZIDMImmTd HKBCFCvA77Dy5LobZuQAi8rXOu/KxQfzyIe3P5mF99X9JHPA09YqGW194C7A/ggv e/BQSeawWNNc9p6cWg31GrLLp3HQZHOed+OiFDzf+EGvyhoU5LOfXTc+BqRjUDS9 IlflO63WzHzWUSg/O5JQtlBn++aT2PgU7gbsLOBoZWhfIBkV6ZyL4JDkLI8rnz/9 /Y4tK2z4qSC5OU15v017xrw1YDYe1OimAPHM2MOFCFop2UD3Zj72GhXtb7XGZI2W q9QdRMvxbDUoUfEq9OsT27T0vaAzYgQyEK+NTL/EIgRuHMfaDlii0V+bFjDHWiPG CaPXi7IhVOA9kLfg4mvWXN9OAcureyNwNM6pPr3/HUiGVr1CWbH9Cm7l/U9H2FjC NQJgRMXADQEhIYu1A3oGi2whORLSFEgdZWpvFX0fyL/sF+gxkrUXYWo/fHgTVDtM y2RGh5USgYxikGwoiwGwSbCL7qPX7KnNMecwXOvq+RrhlPqtnafIdUBGmK0P0niA K095DZSPfOvvv9cfzYTS
    =uOs8
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)