• [SECURITY] [DSA 3436-1] openssl security update

    From Salvatore Bonaccorso@1:229/2 to All on Fri Jan 8 16:40:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3436-1                   [email protected]
    https://www.debian.org/security/                     Salvatore Bonaccorso
    January 08, 2016                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : openssl
    CVE ID : CVE-2015-7575

    Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in
    the TLS 1.2 protocol which could allow the MD5 hash function to be used
    for signing ServerKeyExchange and Client Authentication packets during a
    TLS handshake. A man-in-the-middle attacker could exploit this flaw to
    conduct collision attacks to impersonate a TLS server or an
    authenticated TLS client.

    More information can be found at
    https://www.mitls.org/pages/attacks/SLOTH

    For the oldstable distribution (wheezy), this problem has been fixed
    in version 1.0.1e-2+deb7u19.

    For the stable distribution (jessie), the testing distribution (stretch)
    and the unstable distribution (sid), this issue was already addressed in
    version 1.0.1f-1.

    We recommend that you upgrade your openssl packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    -----END PGP SIGNATURE-----

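Added example, not part of the advisory or of OpenSSL: since the flaw concerns MD5 being usable for TLS 1.2 handshake signatures, this Python code decodes the signature_algorithms extension from a captured handshake's extensions block and reports any MD5-based pairs a peer advertises. The hash and signature ids are those of RFC 5246; the function names and the sample bytes are constructed for illustration.

```python
import struct

# TLS 1.2 HashAlgorithm / SignatureAlgorithm ids (RFC 5246, section 7.4.1.4.1)
HASHES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
EXT_SIGNATURE_ALGORITHMS = 13


def parse_sigalgs(ext_body: bytes):
    """Decode a signature_algorithms extension body into (hash, signature) name pairs."""
    if len(ext_body) < 2:
        raise ValueError("truncated signature_algorithms extension")
    (n,) = struct.unpack_from("!H", ext_body, 0)
    if n % 2 or n + 2 != len(ext_body):
        raise ValueError("bad signature_algorithms length")
    pairs = []
    for i in range(2, 2 + n, 2):
        h, s = ext_body[i], ext_body[i + 1]
        pairs.append((HASHES.get(h, f"hash_{h}"), SIGS.get(s, f"sig_{s}")))
    return pairs


def find_extension(extensions: bytes, wanted: int):
    """Walk an extensions block (type u16, length u16, data); return one body or None."""
    off = 0
    while off + 4 <= len(extensions):
        ext_type, ext_len = struct.unpack_from("!HH", extensions, off)
        off += 4
        if off + ext_len > len(extensions):
            raise ValueError("truncated extension")
        if ext_type == wanted:
            return extensions[off:off + ext_len]
        off += ext_len
    return None


def md5_offers(extensions: bytes):
    """Return the MD5-based pairs advertised in the block; empty list if none."""
    body = find_extension(extensions, EXT_SIGNATURE_ALGORITHMS)
    if body is None:
        return []
    return [p for p in parse_sigalgs(body) if p[0] == "md5"]


# Constructed sample: one filler extension, then signature_algorithms with four pairs
SAMPLE = bytes.fromhex("000500020000" "000d000a0008" "0401" "0201" "0101" "0403")

if __name__ == "__main__":
    print(md5_offers(SAMPLE))
```

An empty result only shows that MD5 was not advertised in that handshake; the remedy for CVE-2015-7575 remains the package upgrade named above.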