-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4355-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssl1.0 CVE ID : CVE-2018-0732 CVE-2018-0734 CVE-2018-0737 CVE-2018-5407 Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. For the stable distribution (stretch), these problems have been fixed in version 1.0.2q-1~deb9u1. Going forward, openssl1.0 security updates for stretch will be based on the 1.0.2x upstream releases. We recommend that you upgrade your openssl1.0 packages. For the detailed security status of openssl1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl1.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwaxeQACgkQEMKTtsN8 TjZVQQ//eOqeqdTZgGqXS7hI2TPT/m1mLLFfGQvxKvqYAvo+eNns5PbHGvhoM3OY 6TnR7dh3PFRHogYh7IeEymFM12HmNxX75Fz5Rs2/AX8dNvbACZFWmodkE7REm1// oLaQbr74Bq0T8pzfRntLZGqTRcumfvbGEWO4Sfob/RJ9F9+LfUKdiTI6wIcNXBtr 47Lffe10gGok+5qmruMgf3fy+verwu6uLPrLX+ekHKW383gB9M26S0BwQMU2AIlu PzJ7IPL515aBdOogeCTG3Ag1nMFfkaX4537zn5QpqcPcx/NGmcyrRgHzS0CbRIBG DFlAsO5rJdAUqw660MxNgkBkUNBDok6jW79HFmjyAO2aY5/QcCN+LhLng7A3FO7F Eg+kFifibUgs2y7fGlcGMZmLzRtparDtb+MrBXXrSar/nzcdrRwSk+1gjmB8iIVO W/J7s0GFHZ2V+FfOuDeBoprH7yLT8Ny8/IBSfLe/JiiTzzh+5l9D23dRTcT0PfFy hRboNQ+VLEpl1N1mfgB6pNpRaFoMCsoXe26rpkRiEfwXVRFgcsJbAJA27kgMko4S q8JzaJo4/YiACng5u6b0bwv2IaExrEnXhfje8oxxABDNQmu5E9tu1artCtHVaL3K TNyBsE9TZNSIZQgkoVoSHbeLVdAVgBLXTyzjKNxuzCvMl0VolGY= =Q1ou -----END PGP SIGNATURE-----