Debian Security Advisory 3436-1

Debian Security Advisory 3436-1: Posted Jan 11, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3436-1 - Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.; tags | advisory, protocol; systems | linux, debian; advisories | CVE-2015-7575; SHA-256 | 518d455c05a4232810a0a0d67aa2dd6c6277e044b181a622a3a6dc374f475a1d; Download | Favorite | View

Debian Security Advisory 3436-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3436-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 08, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2015-7575

Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in
the TLS 1.2 protocol which could allow the MD5 hash function to be used
for signing ServerKeyExchange and Client Authentication packets during a
TLS handshake. A man-in-the-middle attacker could exploit this flaw to
conduct collision attacks to impersonate a TLS server or an
authenticated TLS client.

More information can be found at
https://www.mitls.org/pages/attacks/SLOTH

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.0.1e-2+deb7u19.

For the stable distribution (jessie), the testing distribution (stretch)
and the unstable distribution (sid), this issue was already addressed in
version 1.0.1f-1.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWj9bhAAoJEAVMuPMTQ89EmUsP/1S7T1VbHI51eFKlFZCzqPot
UUz0GHpuBYyHrIJhVeBT4x5sLVufgCNRIEizdtea+UvsyClnXo1nSeyrPqUegAlj
u0egswS8M8cmmJ97SQ4/1AIaFsAepohW6n/ro9rTum6rwkEbfqXQPGZGMJ0SBg/f
lo5zrgQzNTYxIp70Ya9y0Pa2aBL9s+dgwDdg1eCJqk2c6qo5K1IW4JgEH/bFzB1X
fPHglmrNFIc4J4E7K9xkb1eHejZ2kBjVa+w8Yqu85xsTmhThEWLwuJ98m3/nIFLB
+lQQLNSmL1n37cF7BpPMCwzWgnFyGX3d19uynDFETuyGLLUbznkxTktkkxBjIfwL
G9F1YGQVd9eYkquKoyhr74W86nn20GYEBY13TUgwDsF0dDM53dXslK6xCJakbSFY
XEFlKV9VlwAza43WLDIKhBF1YDxmPoUrh7Xwfj6YFprGnk+pLfrGlqkH3T+WHfgU
FFFJimFi4IPJdVV59x4zKDh4S8baoX5/66L9bwf+K5eWJEJ/loNol0wRDqa+hQEr
ye507uk9UVFuxgHfWReKPN4OI8VcHQkZQ1VdQyuWSbbAZU+kvBDfTVjXZ1i9eSz7
B9EV0ACsMSBR5W3b5X+B8IqMB3grzQUj2ae9ESxLcVsAd83/grGu4SFaJMQDxfym
GahxEfEd17Acu+5bFxvQ
=cn6q
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Debian Security Advisory 3436-1

Debian Security Advisory 3436-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3436-1

Share This

Debian Security Advisory 3436-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems