Mon, 24 Sep 2018 15:10:07 +0200
[SECURITY] [DSA 4305-1] strongswan security update

Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite.

Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and during IKE authentication.

While the gmp plugin doesn't allow arbitrary data after the ASN.1 structure (the original Bleichenbacher attack), the ASN.1 parser is not strict enough and allows data in specific fields inside the ASN.1 structure.

Only installations using the gmp plugin are affected (on Debian the OpenSSL plugin has priority over the GMP one for RSA operations), and only when using keys and certificates (including ones from CAs) using keys with an exponent e = 3, which is usually rare in practice.

version 5.5.1-4+deb9u3
Confirmed: ascii-security

Sun, 23 Sep 2018 18:27:55 +0000
[SECURITY] [DSA 4304-1] firefox-esr security update
version 60.2.1esr-1~deb9u1
Confirmed: ascii-security
Note: ceres contains v60.2.1esr-1

Sun, 23 Sep 2018 18:23:23 +0000
[SECURITY] [DSA 4303-1] okular security update
version 4:16.08.2-1+deb9u1.
Confirmed: ascii-security

Sun, 23 Sep 2018 15:34:19 +0000
[SECURITY] [DSA 4302-1] openafs security update
version 1.6.20-2+deb9u2
Confirmed: ascii-security

Sat, 22 Sep 2018 15:13:12 +0000
[SECURITY] [DSA 4301-1] mediawiki security update
version 1:1.27.5-1~deb9u1
Confirmed: ascii-security

Sat, 22 Sep 2018 14:01:58 +0000
[SECURITY] [DSA 4300-1] libarchive-zip-perl security update
version 1.59-1+deb9u1
Confirmed: ascii-security

Fri, 21 Sep 2018 15:01:29 +0200
[SECURITY] [DSA 4299-1] texlive-bin security update
version 2016.20160513.41080.dfsg-2+deb9u1
Confirmed: ascii-security

Thu, 20 Sep 2018 19:04:19 +0000
[SECURITY] [DSA 4298-1] hylafax security update
version 3:6.0.6-7+deb9u1
Confirmed: ascii-security

Wed, 19 Sep 2018 01:15:22 -0400
[SECURITY] [DSA 4297-1] chromium-browser security update
version 69.0.3497.92-1~deb9u1.
Confirmed: ascii-security
Note: beowulf and ceres contain v69.0.3497.92-1

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng