
[SECURITY] [DLA 814-1] openssl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : openssl
Version        : 1.0.1t-1+deb7u2
CVE ID         : CVE-2016-7056 CVE-2016-8610 CVE-2017-3731

Several vulnerabilities were discovered in OpenSSL:

CVE-2016-7056

    A local timing attack was discovered against ECDSA P-256.

CVE-2016-8610

    It was discovered that no limit was imposed on alert packets during
    an SSL handshake.

CVE-2017-3731

    Robert Swiecki discovered that the RC4-MD5 cipher when running on
    32 bit systems could be forced into an out-of-bounds read, resulting
    in denial of service.

For Debian 7 "Wheezy", these problems have been fixed in version
1.0.1t-1+deb7u2.

We recommend that you upgrade your openssl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

