[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1586-1] openssl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : openssl
Version        : 1.0.1t-1+deb8u10
CVE ID         : CVE-2018-0735 CVE-2018-5407


CVE-2018-0735
     Samuel Weiser reported a timing vulnerability in the OpenSSL ECDSA
     signature generation, which might leak information to recover the
     private key.

CVE-2018-5407
     Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar
     Pereida Garcia and Nicola Tuveri reported a vulnerability to a
     timing side channel attack, which might be used to recover the
     private key.


For Debian 8 "Jessie", these problems have been fixed in version
1.0.1t-1+deb8u10.

We recommend that you upgrade your openssl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlv10ZJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeicQ//fZQOIcKBBwxz9+NSWP1VG4ObIljohd/rFLHCmRPFgnDruBQ0iifAuga0
e0mC3bnf3/VAZVVqLbqPSKdLI6EsPhDZFfXg92EKvNdiuadSoJG2LAmlvwDIfweS
3TMBHaYhu/RUK6+L7QrEnZFy6PrMY1zvKPd5u/VhKLhPWnrOGGKWmIqy+WFD6Dy/
j+Klq8THBXfVdTF7CeoQhfPN+ukvO4p9C/Eu/Kz89UDXUnVVSZgsIIIj7UexRB5s
QHOPwq+QBLLLlKior3zAc3pEf0ugh7wC9nBRQ1bNYobkUwzReFH696s7B8xQIEK6
iXnL7ZbfAiRaKu9EypR4G2zL6RC3BxwqZbOAQNgE0GUn3LplwlzVdXanTZp606Hq
DJBnhapIX1VDuINEJcNbsnx3Szej99Vh5ExPZ/IQAak64vzebznZtm9gWWm2fhVY
l8sCt+LhwG26ELP2jvw0dvzYKstg37t1+ZIkfl4nwWQE3yA5WzV7ovptnSzgCjg1
BaP0idEPhLqPMx0psYMBaW9DZeICD4LLjOItXqeUDnYfSNXgYCrEXDzJVkDY02A/
nf3MJJnHkZmYxvdcX/njydrWCr1k755e5hBtQLry42c6lJeEjHPuKSvLCHDGAyh+
jOuaI16jX6z3D3cW1nuH/64i/fVrbsFZFgiSnmBCyPQ2MRNN1/Y=
=PAHQ
-----END PGP SIGNATURE-----


Reply to: