[SECURITY] [DLA 1932-1] openssl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1932-1] openssl security update
From: Markus Koschany <apo@debian.org>
Date: Wed, 25 Sep 2019 23:56:34 +0200
Message-id: <[🔎] 5aad60b3-178b-2f9f-1f53-2aa6103fdb7a@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : openssl
Version        : 1.0.1t-1+deb8u12
CVE ID         : CVE-2019-1547 CVE-2019-1563

Two security vulnerabilities were found in OpenSSL, the Secure Sockets
Layer toolkit.

CVE-2019-1547

    Normally in OpenSSL EC groups always have a co-factor present and
    this is used in side channel resistant code paths. However, in some
    cases, it is possible to construct a group using explicit parameters
    (instead of using a named curve). In those cases it is possible that
    such a group does not have the cofactor present. This can occur even
    where all the parameters match a known named curve. If such a curve
    is used then OpenSSL falls back to non-side channel resistant code
    paths which may result in full key recovery during an ECDSA
    signature operation. In order to be vulnerable an attacker
    would have to have the ability to time the creation of a large
    number of signatures where explicit parameters with no co-factor
    present are in use by an application using libcrypto. For the
    avoidance of doubt libssl is not vulnerable because explicit
    parameters are never used.

CVE-2019-1563

    In situations where an attacker receives automated notification of
    the success or failure of a decryption attempt an attacker, after
    sending a very large number of messages to be decrypted, can recover
    a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted
    message that was encrypted with the public RSA key, using a
    Bleichenbacher padding oracle attack. Applications are not affected
    if they use a certificate together with the private RSA key to the
    CMS_decrypt or PKCS7_decrypt functions to select the correct
    recipient info to decrypt.

For Debian 8 "Jessie", these problems have been fixed in version
1.0.1t-1+deb8u12.

We recommend that you upgrade your openssl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl2L4pJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQr5A//RW9tunRmRxsPPERNyfm1tD8vsSqZS2lEGh1f9ZuyMQQoR0t7BzWn0a+c
RcDQtRe2iUtLYaX8PRvGQdWP7/0a/XWL6tqic6deQv+vnD/tZidc+WprvJ+ciNoG
EBMfGafMQZ1nQ0lUth6A7wHtZNtyFUYsvvjS8hJ6CIdfpMBgofJX8ftYoaAhk5qC
3uvCk4gTE//Q6Ej4+fOwlrppbGqLvKGyEipK/OwK4X8xu7lVK4jINHN6mGG/Y8Co
aiNGcICroqm6o4Yzwt+6vgUzTZwSt87EMJcU+1HrYJKWpFJgBUTcUlRUyAfFP/GG
9XV8UbmSrkK8mTEr0ebLj415PY7EnfGbSytbzpSBWYSS830mEWU38YlIdVuvSYm8
Ht/jSrnPHozvbrXUmZ1O9DCGgzjI4bYxUHNKzvdTTlkTtKLmPTAqkrNf29//NElF
u3tU3WJXJPQzjK3bOR5IUXUFFQdTaI0Ntt4NZQYT0rRO4Q5bupGKpwpnZ2zBtp+q
D5iuUXnKC9KsiALKat6Rl8P41Hae9NlslPN1PBDXCQm4QrrHvFJjEzHnGvy/aPju
j8gm7EdVQj/a39Ftdlh58VwBf83PwuvwIRWe4ymlATnm+iswxcSNQBXQKPllvAed
LwuaMne4b3G3rgvv+ku530h3itvXHj22yvpukBA/qbBjOVrtLz4=
=RstY
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1930-1] linux security update
Next by Date: [SECURITY] [DLA 1933-1] ruby-nokogiri security update
Previous by thread: [SECURITY] [DLA 1930-1] linux security update
Next by thread: [SECURITY] [DLA 1933-1] ruby-nokogiri security update
Index(es):
- Date
- Thread