
[SECURITY] [DLA 1449-1] openssl security update



Package        : openssl
Version        : 1.0.1t-1+deb8u9
CVE ID         : CVE-2018-0732 CVE-2018-0737
Debian Bug     : 895844

Two issues were discovered in OpenSSL, the Secure Sockets Layer toolkit.

CVE-2018-0732

    Denial of service by a malicious server that sends a very large
    prime value to the client during the TLS handshake.

CVE-2018-0737

    Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and
    Luis Manuel Alvarez Tapia discovered that the OpenSSL RSA key
    generation algorithm is vulnerable to a cache timing side-channel
    attack. An attacker with sufficient access to mount cache timing
    attacks during the RSA key generation process could recover the
    private key.

For Debian 8 "Jessie", these problems have been fixed in version
1.0.1t-1+deb8u9.

We recommend that you upgrade your openssl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS