Debian: DSA-3773-1 Critical: OpenSSL Timing Attack, DoS Threats
debian
January 27, 2017
Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056
Topics Covered
Summary
Several vulnerabilities were discovered in OpenSSL:
CVE-2016-7056
A local timing attack was discovered against ECDSA P-256.
CVE-2016-8610
It was discovered that no limit was imposed on alert packets during
an SSL handshake.
CVE-2017-3731
Robert Swiecki discovered that the RC4-MD5 cipher when running on
32 bit systems could be forced into an out-of-bounds read, resulting
in denial of service.
For the stable distribution (jessie), these problems have been fixed in
version 1.0.1t-1+deb8u6.
For the unstable distribution (sid), these problems have been fixed in
version 1.1.0d-1 of the openssl source package and in version 1.0.2k-1
of the openssl1.0 source package.
We recommend that you upgrade your openssl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: openssl
CVE ID: CVE-2016-7056 CVE-2016-8610 CVE-2017-3731
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!