drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in OpenSSL
Name: |
Denial of Service in OpenSSL |
|
ID: |
DSA-4158-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch |
|
Datum: |
Fr, 30. März 2018, 08:30 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739 |
|
Applikationen: |
OpenSSL |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4158-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 29, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : openssl1.0 CVE ID : CVE-2018-0739
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service.
Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt
For the stable distribution (stretch), this problem has been fixed in version 1.0.2l-2+deb9u3.
We recommend that you upgrade your openssl1.0 packages.
For the detailed security status of openssl1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl1.0
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlq9WYdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Sb9RAAoKGLpk9eLzxogiZ5mrFolsRAsDX+zWuzzDjWbg4qf06vi8Vtvk0pkT+Q vUV7UT5imCs1g72I2jN8zfkzGWsZS0mb5SdgZ2+k7IwAElCPg3wsv1l9/WAcIFJC 7GdB4jtgbgWyNNplGPUmbfpl88gHPVOq9J/7uwut3mUDi2MN/pDGr2rk0JE+1i05 BY2krOz5Pn9HBKKg46713I9s3BfgqaDt9W4sAOh+A4+vmXT1fw5c+TNKedCC05Vu W6gEUcxTwlgJN5Sf9+gUXg1VGyfYrYs4re55rsog6bUBDmisD3bb0lUNp97z5VZN epkZlZs+PlBP8hYhDFRzgpmzoJs5sMqBXUwCdF9JNRvzUF8xwlZ90T3/ZOv2LkOd S3Gl7HKgyRqQZzFRXVYeWi5Mo0zUOq9qqOI2C3X41T40VHcVTicYEi/hMFvGsLjA SnRXlc7tGc4qE+QXzNK5XXZKdCnJkruZA6Ch2obzfD6UBipQRNLP4nDw7B5m3bXS fMu86Zamp1uaziEFZU769GyAc9gTqSpoD2MDK0NCAbWbbPMJP4E+gtvxeT3OYvm9 TWSvf/YkUnge0RCu93mDxVAHXac8bVIGjyTyqBw+OZApCQHq4vjPxP+HDs0OS+6H d8CBhzzKxOk5+9uWskywfVaCB4Zd2q5KNcAY78UfMsdswpEsjm4= =Nuhw -----END PGP SIGNATURE-----
|
|
|
|