Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Debian 9: DSA-4567-2 Urgent: OpenSSL SSL Vulnerability Addressed

debian
Calendar Grey January 8, 2016
Debian Logo
Debian has issued updates for OpenSSL addressing crucial TLS vulnerabilities, potentially allowing attackers to perform man-in-the-middle attacks, impersonating clients and servers.
Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Cli...
Topics%20covered

Topics Covered

security advisory update critical debian man-in-the-middle openssl tls flaw

Summary

More information can be found at
https://www.mitls.org/pages/attacks/SLOTH

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.0.1e-2+deb7u19.

For the stable distribution (jessie), the testing distribution (stretch)
and the unstable distribution (sid), this issue was already addressed in
version 1.0.1f-1.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
important
Lowest
Low
Medium
High
Critical

Package: openssl
CVE ID: CVE-2015-7575

Topics%20covered

Topics Covered

security advisory update critical debian man-in-the-middle openssl tls flaw

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here