Re: Packages that need to be rebuilt against libssl0.9.8
- To: Jeroen van Wolffelaar <email@example.com>
- Cc: firstname.lastname@example.org
- Subject: Re: Packages that need to be rebuilt against libssl0.9.8
- From: Moritz Muehlenhoff <email@example.com>
- Date: Fri, 7 Oct 2005 00:54:22 +0200
- Message-id: <20051006225420.GA6495@informatik.uni-bremen.de>
- In-reply-to: <4ULka-6Jmfirstname.lastname@example.org>
- References: <4UqyJemail@example.com> <4UxAffirstname.lastname@example.org> <4UF4L-4Hjemail@example.com> <4UGb3firstname.lastname@example.org> <4UHUm-VRemail@example.com> <4UKxBfirstname.lastname@example.org> <4ULka-6Jmemail@example.com>
In linux.debian.devel, you wrote:
>> a lot of people bugged me about the new version and upstream only recommends
>> this version. It also closes a grave security bug.
> Hm, that wasn't listed in the changelog. Anyway, there hasn't been a security
> advisory about openssl recently, did you backport a patch to the sarge version
> (and preferably also to the woody version) and inform the security team?
Christoph is probably referring to CAN-2005-2946 and bug #314465, which is about
the fact that MD5 is the default digest algo in openssl.
This bug has an inflated severity; it's not overly urgent. There have been several
collision attacks on MD5 (i.e. you can create a foo/bar pair, which share a
common hash), but no second preimage attacks have been demonstrated so
far (i.e. creating a bar, which shares a hash with a given foo).
Several exploits have been derived from the basic collision attacks, though (google
for Kaminsky or Daum/Lucks for some cool demonstrations), but it's not as grave
as it might appear. Upgrading to SHA-1 is still a good idea, of course, but no
need to break things more than necessary.
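
The collision versus second-preimage distinction drawn in the message above, as an added example that is not part of the original e-mail: a generic search against MD5 truncated to 16 bits, comparing how many attempts each goal needs. The truncation width, message strings and function names are assumptions made for the demonstration, and the search is plain brute force, not the published MD5 collision techniques.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption for the demo); real MD5 is 128 bits


def toy_digest(msg: bytes) -> int:
    """Return the first BITS bits of MD5(msg) as an integer."""
    full = hashlib.md5(msg, usedforsecurity=False).digest()
    return int.from_bytes(full, "big") >> (128 - BITS)


def find_collision(prefix: bytes):
    """Collision: both messages are free, any matching pair will do.
    Generic cost is about 2**(BITS/2) attempts (birthday bound)."""
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()
        d = toy_digest(msg)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg


def find_second_preimage(given: bytes, prefix: bytes):
    """Second preimage: one message is fixed in advance and its digest
    must be matched. Generic cost is about 2**BITS attempts."""
    target = toy_digest(given)
    for i in count():
        msg = prefix + str(i).encode()
        if msg != given and toy_digest(msg) == target:
            return msg, i + 1


def compare(trials: int = 8):
    """Total attempts over several independent trials for each goal."""
    coll = second = 0
    for t in range(trials):
        prefix = b"trial%d-" % t  # constructed sample inputs
        coll += find_collision(prefix)[2]
        second += find_second_preimage(b"given document %d" % t, prefix)[1]
    return coll, second


if __name__ == "__main__":
    coll, second = compare()
    print(f"collision attempts (8 trials):       {coll}")
    print(f"second-preimage attempts (8 trials): {second}")
```

At the full 128-bit width the same gap is roughly 2^64 against 2^128 for generic search, which is why a break of collision resistance does not by itself let anyone forge a match for an existing signed document.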