You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openssl

Sigurnosni nedostaci programskog paketa openssl

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LDE

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4157-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 29, 2018 https://www.debian.org/security/faq
– ————————————————————————-

Package : openssl
CVE ID : CVE-2017-3738 CVE-2018-0739

Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. The Common Vulnerabilities and Exposures project
identifies the following issues:

CVE-2017-3738

David Benjamin of Google reported an overflow bug in the AVX2
Montgomery multiplication procedure used in exponentiation with
1024-bit moduli.

CVE-2018-0739

It was discovered that constructed ASN.1 types with a recursive
definition could exceed the stack, potentially leading to a denial
of service.

Details can be found in the upstream advisory:
https://www.openssl.org/news/secadv/20180327.txt

For the oldstable distribution (jessie), these problems have been fixed
in version 1.0.1t-1+deb8u8. The oldstable distribution is not affected
by CVE-2017-3738.

For the stable distribution (stretch), these problems have been fixed in
version 1.1.0f-3+deb9u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlq9UxtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Qi/Q//U7BsT4ITKgPcpErXfKx5RXi2xcPw/trUr83HqZvNIR99HUnQPVYbkyyX
PLvB6xhmPAjx4cQFff8e5EIHR2OpoRzZ5nAvqo2b2bn1liVL1/pllYmj5HiHz5tb
8NXuDrDpO432rFDgrba6LDlXulq4Kux/NJpg1G/CkzNHMXXZR9xi3JZDMZU7jiZC
eGynQd1MLlF2+6qWIX/7KJHI+tmT4ZNDK9IDMv/YH71gvku0ICY8zB+1qeHP7mPN
dYYC6v5rqrES1SF//NxYu26E/YNo7krn6tN0OPhoDRZ3aPuqyOfB7QpxHOsdztfQ
2mIcXzS5JXdhQ5J8aEBrziAQ/nSoW+T533LniXVIiSQn+sYjrjg1vRt5PrBLx2N0
CNX4OVcstV2bGYKknOGYBVnEzURGoeydHx3zZn/OflCe+X6lpxQAwmfgrw4+T+FX
QxnjVEn4e5HeR2RGOnHzA6g3GuyJ+OeU3g0WEbAgOhqowTx3OOX7/htYnt702GKQ
9aA4ypYG8228owbno857nfnDb6eGbeqeH3BF8B20p4VHwlL1+XxyMmM+yzgbwCoA
8npl1DiiyUNBFl3WpQrjg7NwWXw+EGp5F+GxRip9yO/8cxKXn3+LqZP7gGR/+Mz5
ATXpKzuY6L8Gzh4Y+W7IH+iApSpSOlDXzo18PVCfp9qxnKNjetA=
=whaV
—–END PGP SIGNATURE—–

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4158-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 29, 2018 https://www.debian.org/security/faq
– ————————————————————————-

Package : openssl1.0
CVE ID : CVE-2018-0739

It was discovered that constructed ASN.1 types with a recursive
definition could exceed the stack, potentially leading to a denial of
service.

Details can be found in the upstream advisory:
https://www.openssl.org/news/secadv/20180327.txt

For the stable distribution (stretch), this problem has been fixed in
version 1.0.2l-2+deb9u3.

We recommend that you upgrade your openssl1.0 packages.

For the detailed security status of openssl1.0 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/openssl1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlq9WYdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Sb9RAAoKGLpk9eLzxogiZ5mrFolsRAsDX+zWuzzDjWbg4qf06vi8Vtvk0pkT+Q
vUV7UT5imCs1g72I2jN8zfkzGWsZS0mb5SdgZ2+k7IwAElCPg3wsv1l9/WAcIFJC
7GdB4jtgbgWyNNplGPUmbfpl88gHPVOq9J/7uwut3mUDi2MN/pDGr2rk0JE+1i05
BY2krOz5Pn9HBKKg46713I9s3BfgqaDt9W4sAOh+A4+vmXT1fw5c+TNKedCC05Vu
W6gEUcxTwlgJN5Sf9+gUXg1VGyfYrYs4re55rsog6bUBDmisD3bb0lUNp97z5VZN
epkZlZs+PlBP8hYhDFRzgpmzoJs5sMqBXUwCdF9JNRvzUF8xwlZ90T3/ZOv2LkOd
S3Gl7HKgyRqQZzFRXVYeWi5Mo0zUOq9qqOI2C3X41T40VHcVTicYEi/hMFvGsLjA
SnRXlc7tGc4qE+QXzNK5XXZKdCnJkruZA6Ch2obzfD6UBipQRNLP4nDw7B5m3bXS
fMu86Zamp1uaziEFZU769GyAc9gTqSpoD2MDK0NCAbWbbPMJP4E+gtvxeT3OYvm9
TWSvf/YkUnge0RCu93mDxVAHXac8bVIGjyTyqBw+OZApCQHq4vjPxP+HDs0OS+6H
d8CBhzzKxOk5+9uWskywfVaCB4Zd2q5KNcAY78UfMsdswpEsjm4=
=Nuhw
—–END PGP SIGNATURE—–

AutorDanijel Kozinovic
Cert idNCERT-REF-2018-03-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa slf4j

Otkriven je sigurnosni nedostatak u programskom paketu slf4j za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close