Re: [SECURITY] [DSA 3417-1] bouncycastle security update
Yes, I have already fixed the first 2 problems and I am taking care of the
thumbnail.
greg
On Mon, 14 Dec 2015 13:51:06 CET, Luciano Bello wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3417-1 security@debian.org
> https://www.debian.org/security/ Luciano Bello
> December 14, 2015 https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : bouncycastle
> CVE ID : CVE-2015-7940
> Debian Bug : 802671
>
> Tibor Jager, Jörg Schwenk, and Juraj Somorovsky, from Horst Görtz
> Institute for IT Security, published a paper in ESORICS 2015 where they
> describe an invalid curve attack in Bouncy Castle Crypto, a Java library
> for cryptography. An attacker is able to recover private Elliptic Curve
> keys from different applications, for example, TLS servers.
>
> More information:
> http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
> Practical Invalid Curve Attacks on TLS-ECDH:
> http://euklid.org/pdf/ECC_Invalid_Curve.pdf
>
> For the oldstable distribution (wheezy), this problem has been fixed
> in version 1.44+dfsg-3.1+deb7u1.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 1.49+dfsg-3+deb8u1.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 1.51-2.
>
> We recommend that you upgrade your bouncycastle packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> -----END PGP SIGNATURE-----
>
--
Grégoire Reitter
Vecteur M - 01.47.90.70.80
http://www.vecteurm.com
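
Added example, not part of the original messages and not Bouncy Castle code: the invalid curve attack named in the quoted advisory depends on an ECDH implementation using a peer-supplied point without confirming that it lies on the agreed curve. The Python sketch below shows that check for NIST P-256 on an uncompressed SEC1 point; the function names and the sample points are constructed for illustration.

```python
# Illustration only: validate a peer's EC point before using it in ECDH.
# NIST P-256 domain parameters (curve: y^2 = x^3 + A*x + B over GF(P)).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32


class InvalidPoint(ValueError):
    """Raised when a peer-supplied point must not be used."""


def on_curve(x, y):
    """True if (x, y) satisfies the P-256 curve equation."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def decode_and_validate(encoded):
    """Parse 0x04 || X || Y and reject anything that is not a P-256 point."""
    # The point at infinity has no 65-byte encoding, so the length check
    # excludes it; P-256 has cofactor 1, so no extra subgroup check is needed.
    if len(encoded) != 1 + 2 * COORD_LEN or encoded[0] != 0x04:
        raise InvalidPoint("not an uncompressed P-256 point")
    x = int.from_bytes(encoded[1:1 + COORD_LEN], "big")
    y = int.from_bytes(encoded[1 + COORD_LEN:], "big")
    if x >= P or y >= P:
        raise InvalidPoint("coordinate outside the field")
    if not on_curve(x, y):
        raise InvalidPoint("point is not on the curve")
    return x, y


def encode(x, y):
    return b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


def is_acceptable(encoded):
    try:
        decode_and_validate(encoded)
        return True
    except InvalidPoint:
        return False


# Constructed samples: the base point, and the same x with y shifted by one.
VALID_PEER = encode(GX, GY)
OFF_CURVE_PEER = encode(GX, (GY + 1) % P)

if __name__ == "__main__":
    print("valid point accepted:", is_acceptable(VALID_PEER))
    print("off-curve point accepted:", is_acceptable(OFF_CURVE_PEER))
```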