• [SECURITY] [DSA 3773-1] openssl security update

    From Moritz Muehlenhoff@1:229/2 to All on Fri Jan 27 21:00:02 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-3773-1                   [email protected]
    https://www.debian.org/security/                       Moritz Muehlenhoff
    January 27, 2017                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : openssl
    CVE ID : CVE-2016-7056 CVE-2016-8610 CVE-2017-3731

    Several vulnerabilities were discovered in OpenSSL:

    CVE-2016-7056

    A local timing attack was discovered against ECDSA P-256.

    CVE-2016-8610

    It was discovered that no limit was imposed on alert packets during
    an SSL handshake.

    CVE-2017-3731

    Robert Swiecki discovered that the RC4-MD5 cipher when running on
    32-bit systems could be forced into an out-of-bounds read, resulting
    in denial of service.

    For the stable distribution (jessie), these problems have been fixed in
    version 1.0.1t-1+deb8u6.

    For the unstable distribution (sid), these problems have been fixed in
    version 1.1.0d-1 of the openssl source package and in version 1.0.2k-1
    of the openssl1.0 source package.

    We recommend that you upgrade your openssl packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)