===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1189
                         polarssl security update
                               21 July 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           polarssl
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-4911

Original Bulletin:
   http://www.debian.org/security/2014/dsa-2981

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running polarssl check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2981-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
July 18, 2014                          http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : polarssl
CVE ID         : CVE-2014-4911
Debian Bug     : 754655

A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS
library, which can be exploited by a remote unauthenticated attacker to
mount a denial of service against PolarSSL servers that offer GCM
ciphersuites. Potentially clients are affected too if a malicious server
decides to execute the denial of service attack against its clients.

For the stable distribution (wheezy), this problem has been fixed in
version 1.2.9-1~deb7u3.

For the testing distribution (jessie), this problem has been fixed in
version 1.3.7-2.1.

For the unstable distribution (sid), this problem has been fixed in
version 1.3.7-2.1.

We recommend that you upgrade your polarssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================