-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3773-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssl CVE ID : CVE-2016-7056 CVE-2016-8610 CVE-2017-3731 Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running on 32 bit systems could be forced into an out-of-bounds read, resulting in denial of service. For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u6. For the unstable distribution (sid), these problems have been fixed in version 1.1.0d-1 of the openssl source package and in version 1.0.2k-1 of the openssl1.0 source package. We recommend that you upgrade your openssl packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAliLo/kACgkQEMKTtsN8 TjZTrA/+OyKEr6KnRgToU5LzrXyOQRTW9UgAD9jl0gjDbLiWQRb4SqsBUGHAqHWY K2Hmo6HgN+gr0rLQnk09ivv7ND8FmdxuONbaHvllNKa8JnD9AByusAODhkI4bJLV FWy5uGS2L/vrs79g1GtZiCyXdwBFGLZArf4rzRNmbBJfMhm8Wll+rMVEiRNXV67U xvi3sVBcrNO9PfD/c+BTaVwvMNMkHb9hnTNUbeVSCSPlnik3uSS2UNtwUdBNZzKb vnVVMWK7mj6+OuDT5rksYsBKhsyzRoY+ehxHiWCV2PvYoXpeHxDgezkT/6LWFb+o R7jyjsrB8cglSnIn/7dpCJePIhY9k+Lpx9WmsQ3XROp1BMpDVqepb82cWy1PCDdu 1AL2lHbv6A2ST1tw1rli08napxXSjEebKvFzg8/Hd5yuBEUPe92wQWAjzjYcpPtJ vlseoNIB5YvVS8+UKr5bhYYp43nNFgP47b+z16xrAbxrDrWl+DnYAzCFyuoypLU9 rFUnPyWfF9dcI5LsAMXgbnozw5PlxPjMc6vs305SwGlTVw6+o81obM4YEGRjU7gS 8jcGERUFBW62RyulmAhp8TAFgqcUpKWbvPAkbe/rQvNK1JEy4xT/xt9Z+AVu8y2s Xz2Xd4ZN9pdvBvvXZqw3MZfV0e4KhMd0eFyVcAgBgLAbu8kTJjI= =7Jwc -----END PGP SIGNATURE-----