Hyvä. Kiitti. On 1 Jan 2014 14:14, "Moritz Muehlenhoff" <j...@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2833-1 secur...@debian.org > http://www.debian.org/security/ Moritz Muehlenhoff > January 01, 2014 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : openssl > Vulnerability : several > Problem type : local > Debian-specific: no > CVE ID : CVE-2013-6449 CVE-2013-6450 > Debian Bug : 732754 732710 > > Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support > was susceptible to denial of service and retransmission of DTLS messages > was fixed. In addition this updates disables the insecure Dual_EC_DRBG > algorithm (which was unused anyway, see > http://marc.info/?l=openssl-announce&m=138747119822324&w=2 for further > information) and no longer uses the RdRand feature available on some > Intel CPUs as a sole source of entropy unless explicitly requested. > > For the stable distribution (wheezy), these problems have been fixed in > version 1.0.1e-2+deb7u1. > > For the unstable distribution (sid), these problems have been fixed in > version 1.0.1e-5. > > We recommend that you upgrade your openssl packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.15 (GNU/Linux) > > iEYEARECAAYFAlLEBDMACgkQXm3vHE4uylpEbACg55hvNWUo8hTUtqMNoOeP986v > dG0AoJXsQoWloicwYo4fM8EwkbWxjun+ > =KlR6 > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: > http://lists.debian.org/20140101120910.GA6406@pisco.westfalen.local > >