lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20170411204509.53ujnjt4tasp37e3@pisco.westfalen.local>
Date: Tue, 11 Apr 2017 22:45:09 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3829-1] bouncycastle security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3829-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 11, 2017                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : bouncycastle
CVE ID         : CVE-2015-6644

Quan Nguyen discovered that a missing boundary check in the
Galois/Counter mode implementation of Bouncy Castle (a Java
implementation of cryptographic algorithms) may result in information
disclosure.

For the stable distribution (jessie), this problem has been fixed in
version 1.49+dfsg-3+deb8u2.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 1.54-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.54-1.

We recommend that you upgrade your bouncycastle packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljtQBMACgkQEMKTtsN8
TjbtAhAAr0BB7KLMM3KmphxUlXmGJDCr7s3rs831xuMHDxs1hzm0ykIJg/wHp/dc
LngUdeY/qlESw0YUI687LrIi1WyIbNWFSZrAVHtI4Wdflo3GR7gTi2DrcqMCUDW1
qXPpT2++lbvyiqgJsinPaw7s8IJ3YihUp/rBcJTeXQvD5zs/mjB8cEDh38jDHXeM
DdFQbVrn04Sp1Q0qjGDMEw6UtpghRxrOOvWXPUx7YsD1jGAQ2ZY6CmtEiEKhbEq5
M3G3E3FN0/vAq+ViqrO5TEKSFCNuqUxQGdy+pVB/fggIDgxg5jWSMokODKJa/HoD
GYn1PNUF45UXHC0KCYpEbEwOZ/YSI61cHa/nOuIzPtY+AtrbDqxFHLX1SOdeGvvH
+YiZRbKCY4dRXetUQpDwzaBxmRml99i6/Tsjlp2LMYeCjMgNDNmTcy0yrPg9Wy+0
zAwm+vvlFfuvVSY4d5RI85JhWd+iKjGJGmpbPF0gNldi706PMR3juPi+3aGCe3LT
Go9pev5aZMhbRQSSrTNe1p7iKFjsUbF7TaKMZ/cxOsL2n/tdyqTEYZP37Ve8pwuB
taTcQS+MwlyQFpMBJbPpJfCeB+Bc97jZCZIDiJdkm+Fi8mhIW7uANxNChz+1BHb5
1hGvGE6IXTMd54kgGzMhUG9LFH8WlYlqDeKGNZfSulyrIxHZ2vU=
=RACT
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ