| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 16 Sep 2018 20:58:39 +0000 From: Moritz Muehlenhoff <jmm@...ian.org> To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 4296-1] mbedtls security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4296-1 security@...ian.org https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mbedtls CVE ID : CVE-2018-0497 CVE-2018-0498 Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks. For the stable distribution (stretch), these problems have been fixed in version 2.4.2-1+deb9u3. We recommend that you upgrade your mbedtls packages. For the detailed security status of mbedtls please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mbedtls Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAluev60ACgkQEMKTtsN8 TjYmpxAAvj1nHlHctu+vpIZ4xHmywyYZQhPaoYrO5PzvveBNk2B6AHiHVUu28ybp nXAVJL3p/vy9L670TJhaswOwvA/UWJbn8ITCVnAnW13gzALgq59LIPxApwnArRhi aORE2NPRMauxf+2BHLNXFmwYP4Rs/HHFHXOLO/DUAjKoQdlnxtfNb8a0oayS7HvB SwySJEairjlqBjSHjUAIhBF8mPLlr/qab++NWPKOc55TxcnqjdDahuj6wSkEIKgx jr3yyCGS1iJHLF4uJMRQ/vanIjHSkwSZhdJ0scrV/g322sJp1gFItbvvDK2cMs7d q2+seeGF/f4Vwk78oDYs0P/UfE4NTwA6atSd5Bxnk2pcXShb9lKz42ivPFK7uiXP x0LQIek7nqQPBXfIiKOPgVDr+KBXTVA2Z19EtTAXxeykfT/4zW8MMcR5TGI0/8+P GwuEvkVaGREBS7+wXBH8l2D89MUsRotZC349Yc1cT6gZNyb3BAmGrAOj+yoN2Qki jHMS/xMdqKWkGfmuUy4oY9hswsxNoPZ3GLg1vy/wFdjq9geo/rjvvBigo5iVWswd LqeOZ00qyQITcEHdqxd6qJTKZOBmlia3OF50AwhRGzPVnBnkMYb1ydb0HYKi8N8I eNGX7KNZiNNzpHwADhNEdBhKk3+cFjkdO1WV7efenC/WFVHKX6Y= =yUuK -----END PGP SIGNATURE-----
Powered by blists - more mailing lists