Debian Security Advisory 3437-1

Debian Security Advisory 3437-1: Posted Jan 11, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3437-1 - Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.; tags | advisory, protocol; systems | linux, debian; advisories | CVE-2015-7575; SHA-256 | 868dce8773c5d2e53cf3af16d82945ada88658e24fa28370ccaf5449ba858dfc; Download | Favorite | View

Debian Security Advisory 3437-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3437-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
January 09, 2016                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gnutls26
CVE ID         : CVE-2015-7575

Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in
the TLS 1.2 protocol which could allow the MD5 hash function to be used
for signing ServerKeyExchange and Client Authentication packets during a
TLS handshake. A man-in-the-middle attacker could exploit this flaw to
conduct collision attacks to impersonate a TLS server or an
authenticated TLS client.

More information can be found at
https://www.mitls.org/pages/attacks/SLOTH

For the oldstable distribution (wheezy), this problem has been fixed
in version 2.12.20-8+deb7u5.

We recommend that you upgrade your gnutls26 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWkPbrAAoJEAVMuPMTQ89E+qIQAJ1oiUBHGjSqV/gzponGHBu8
QlwJiStNNWEcK/f9yX7dJvaIaFaYCXVd8Q/98vOa2C7PSgYhm2/OfJHXegtU8eNK
lblnMP1SXZd+SuwTLcN0eotAL9dAQyMyxaqKYRP6U+7ikbqdqZpJAEZZIDMImmTd
HKBCFCvA77Dy5LobZuQAi8rXOu/KxQfzyIe3P5mF99X9JHPA09YqGW194C7A/ggv
e/BQSeawWNNc9p6cWg31GrLLp3HQZHOed+OiFDzf+EGvyhoU5LOfXTc+BqRjUDS9
IlflO63WzHzWUSg/O5JQtlBn++aT2PgU7gbsLOBoZWhfIBkV6ZyL4JDkLI8rnz/9
/Y4tK2z4qSC5OU15v017xrw1YDYe1OimAPHM2MOFCFop2UD3Zj72GhXtb7XGZI2W
q9QdRMvxbDUoUfEq9OsT27T0vaAzYgQyEK+NTL/EIgRuHMfaDlii0V+bFjDHWiPG
CaPXi7IhVOA9kLfg4mvWXN9OAcureyNwNM6pPr3/HUiGVr1CWbH9Cm7l/U9H2FjC
NQJgRMXADQEhIYu1A3oGi2whORLSFEgdZWpvFX0fyL/sF+gxkrUXYWo/fHgTVDtM
y2RGh5USgYxikGwoiwGwSbCL7qPX7KnNMecwXOvq+RrhlPqtnafIdUBGmK0P0niA
K095DZSPfOvvv9cfzYTS
=uOs8
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 3437-1

Debian Security Advisory 3437-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3437-1

Share This

Debian Security Advisory 3437-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems