
[SECURITY] [DLA 612-1] libtomcrypt security update




Package        : libtomcrypt
Version        : 1.17-3.2+deb7u1
CVE ID         : CVE-2016-6129

It was discovered that the implementation of RSA signature verification
in libtomcrypt is vulnerable to the Bleichenbacher signature attack.

If an RSA key with exponent 3 is used, it may be possible to forge a
PKCS#1 v1.5 signature that appears to have been made with that key.

For Debian 7 "Wheezy", this problem has been fixed in version
1.17-3.2+deb7u1.

We recommend that you upgrade your libtomcrypt packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 
Jonas Meurer - Debian developer
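
The usual defence against this class of forgery is for the verifier to rebuild the one valid PKCS#1 v1.5 encoding and compare it byte for byte with the value recovered from the signature, instead of parsing the padding. The C code below is an added example, not libtomcrypt's code or the Debian patch; the function names, the choice of SHA-256 and the 512-byte modulus limit are assumptions.

```c
/* Added example: strict EMSA-PKCS1-v1_5 check for SHA-256 (names are hypothetical). */
#include <stdio.h>
#include <string.h>

#define MAX_K 512    /* largest modulus size handled here, in bytes (assumption) */
#define HASH_LEN 32

/* DER DigestInfo header for SHA-256, as listed in RFC 8017 section 9.2. */
static const unsigned char DI_SHA256[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

/* Write the single valid encoding 00 01 FF..FF 00 || DigestInfo || digest
 * for a k-byte modulus. Returns 0 on success, -1 if k is out of range. */
int pkcs1_v15_encode(unsigned char *out, size_t k, const unsigned char *digest)
{
    size_t tlen = sizeof(DI_SHA256) + HASH_LEN, pslen;
    if (k < tlen + 11 || k > MAX_K) return -1;   /* needs >= 8 bytes of FF */
    pslen = k - tlen - 3;
    out[0] = 0x00;
    out[1] = 0x01;
    memset(out + 2, 0xFF, pslen);
    out[2 + pslen] = 0x00;
    memcpy(out + 3 + pslen, DI_SHA256, sizeof(DI_SHA256));
    memcpy(out + 3 + pslen + sizeof(DI_SHA256), digest, HASH_LEN);
    return 0;
}

/* em is sig^e mod n as exactly k bytes. Returns 1 only on an exact match. */
int pkcs1_v15_check(const unsigned char *em, size_t k, const unsigned char *digest)
{
    unsigned char expect[MAX_K], diff = 0;
    size_t i;
    if (pkcs1_v15_encode(expect, k, digest) != 0) return 0;
    for (i = 0; i < k; i++) diff |= em[i] ^ expect[i];   /* no early exit */
    return diff == 0;
}

int main(void)
{
    unsigned char digest[HASH_LEN], em[256];
    memset(digest, 0xAB, sizeof(digest));         /* constructed stand-in digest */
    pkcs1_v15_encode(em, sizeof(em), digest);
    printf("well-formed block: %d\n", pkcs1_v15_check(em, sizeof(em), digest));
    em[10] = 0x00;                                /* constructed: padding cut short */
    printf("short padding:     %d\n", pkcs1_v15_check(em, sizeof(em), digest));
    return 0;
}
```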
