[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY] [DSA 4158-1] openssl1.0 security update
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [SECURITY] [DSA 4158-1] openssl1.0 security update
- From: Salvatore Bonaccorso <carnil@xxxxxxxxxx>
- Date: Thu, 29 Mar 2018 21:40:38 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4158-1 security@xxxxxxxxxx
https://www.debian.org/security/ Salvatore Bonaccorso
March 29, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssl1.0
CVE ID : CVE-2018-0739
It was discovered that constructed ASN.1 types with a recursive
definition could exceed the stack, potentially leading to a denial of
service.
Details can be found in the upstream advisory:
https://www.openssl.org/news/secadv/20180327.txt
For the stable distribution (stretch), this problem has been fixed in
version 1.0.2l-2+deb9u3.
We recommend that you upgrade your openssl1.0 packages.
For the detailed security status of openssl1.0 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/openssl1.0
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlq9WYdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Sb9RAAoKGLpk9eLzxogiZ5mrFolsRAsDX+zWuzzDjWbg4qf06vi8Vtvk0pkT+Q
vUV7UT5imCs1g72I2jN8zfkzGWsZS0mb5SdgZ2+k7IwAElCPg3wsv1l9/WAcIFJC
7GdB4jtgbgWyNNplGPUmbfpl88gHPVOq9J/7uwut3mUDi2MN/pDGr2rk0JE+1i05
BY2krOz5Pn9HBKKg46713I9s3BfgqaDt9W4sAOh+A4+vmXT1fw5c+TNKedCC05Vu
W6gEUcxTwlgJN5Sf9+gUXg1VGyfYrYs4re55rsog6bUBDmisD3bb0lUNp97z5VZN
epkZlZs+PlBP8hYhDFRzgpmzoJs5sMqBXUwCdF9JNRvzUF8xwlZ90T3/ZOv2LkOd
S3Gl7HKgyRqQZzFRXVYeWi5Mo0zUOq9qqOI2C3X41T40VHcVTicYEi/hMFvGsLjA
SnRXlc7tGc4qE+QXzNK5XXZKdCnJkruZA6Ch2obzfD6UBipQRNLP4nDw7B5m3bXS
fMu86Zamp1uaziEFZU769GyAc9gTqSpoD2MDK0NCAbWbbPMJP4E+gtvxeT3OYvm9
TWSvf/YkUnge0RCu93mDxVAHXac8bVIGjyTyqBw+OZApCQHq4vjPxP+HDs0OS+6H
d8CBhzzKxOk5+9uWskywfVaCB4Zd2q5KNcAY78UfMsdswpEsjm4=
=Nuhw
-----END PGP SIGNATURE-----