[Technik] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Noèl Köthe
noel at debian.org
Tue May 13 15:54:51 CEST 2008
Am Dienstag, den 13.05.2008, 14:06 +0200 schrieb Florian Weimer:
> Debian Security Advisory DSA-1571-1 security at debian.org
> http://www.debian.org/security/ Florian Weimer
> May 13, 2008 http://www.debian.org/security/faq
>
> Package : openssl
> Vulnerability : predictable random number generator
> Problem type : remote
> Debian-specific: yes
> CVE Id(s) : CVE-2008-0166
openssl auf allen Rechnern aktualisiert.
> For the stable distribution (etch), these problems have been fixed in
> version 0.9.8c-4etch3.
changelog:
openssl (0.9.8c-4etch3) stable-security; urgency=high
* Re-introducing seeding of the random number generator. Patch from the
maintainer.
-- Florian Weimer <fw at deneb.enyo.de> Thu, 08 May 2008 01:58:40 +0200
openssl (0.9.8c-4etch2) proposed-updates; urgency=low
* Apply patch from SuSe for CVE-2007-4995. This should also
get DTLS in a working state.
* Fix CVE-2007-3108 wrong Montgomery multiplication. This was
also included in the patch from SuSe. (Closes: #438142)
-- Kurt Roeckx <kurt at roeckx.be> Sun, 06 Apr 2008 16:31:28 +0200
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080513/999d3345/attachment.pgp
More information about the Technik
mailing list