-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2389
                          openssl security update
                                2 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openssl
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Reduced Security -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-1543  

Reference:         ESB-2019.1037
                   ESB-2019.0926
                   ESB-2019.0731

Original Bulletin: 
   http://www.debian.org/security/2019/dsa-4475

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4475-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 01, 2019                         https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2019-1543

Joran Dirk Greef discovered that overly long nonces used with
ChaCha20-Poly1305 were incorrectly processed and could result in nonce
reuse. This doesn't affect OpenSSL-internal uses of ChaCha20-Poly1305
such as TLS.

For the stable distribution (stretch), this problem has been fixed in
version 1.1.0k-1~deb9u1. This DSA also upgrades openssl1.0 (which
itself is not affected by CVE-2019-1543) to 1.0.2s-1~deb9u1.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
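
Added example (not part of the Debian advisory or the AusCERT bulletin): a Python model of the nonce handling behind CVE-2019-1543, used to audit the nonces an application passes to ChaCha20-Poly1305 under one key. It assumes, per the upstream OpenSSL advisory, that affected versions accepted nonces of up to 16 bytes and used only the last 12 (front-padding shorter ones with zero bytes); all function names and the sample nonces are constructed for illustration.

```python
from collections import defaultdict

RFC_NONCE_LEN = 12         # RFC 7539 nonce size in bytes
MAX_ACCEPTED_PRE_FIX = 16  # assumption from the upstream advisory


def effective_nonce_pre_fix(nonce: bytes) -> bytes:
    """Model of the 12-byte nonce an affected build actually used."""
    if not 1 <= len(nonce) <= MAX_ACCEPTED_PRE_FIX:
        raise ValueError("nonce length rejected even by affected versions")
    if len(nonce) < RFC_NONCE_LEN:
        return nonce.rjust(RFC_NONCE_LEN, b"\x00")  # front-pad with zeros
    return nonce[-RFC_NONCE_LEN:]  # leading bytes silently ignored


def require_rfc_nonce(nonce: bytes) -> bytes:
    """Application-side guard: accept only exact 12-byte nonces."""
    if len(nonce) != RFC_NONCE_LEN:
        raise ValueError(f"nonce must be {RFC_NONCE_LEN} bytes, got {len(nonce)}")
    return nonce


def audit_nonces(nonces):
    """Return (overlong, collisions) for nonces used under a single key.

    overlong:   nonces longer than 12 bytes (what the fixed package rejects)
    collisions: effective nonce -> distinct caller nonces that map onto it
    """
    overlong = [n for n in nonces if len(n) > RFC_NONCE_LEN]
    groups = defaultdict(set)
    for n in nonces:
        groups[effective_nonce_pre_fix(n)].add(n)
    collisions = {eff: sorted(ns) for eff, ns in groups.items() if len(ns) > 1}
    return overlong, collisions


# Constructed sample: an application builds 16-byte nonces as a 4-byte
# message counter followed by a fixed 12-byte session value. Every nonce
# looks unique to the caller, but the counter sits in the ignored bytes.
SESSION = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaab")
SAMPLE = [i.to_bytes(4, "big") + SESSION for i in range(3)] + [bytes(range(12))]

if __name__ == "__main__":
    overlong, collisions = audit_nonces(SAMPLE)
    print(f"{len(overlong)} over-long nonce(s)")
    for eff, originals in collisions.items():
        print(f"{len(originals)} distinct nonces collapse to {eff.hex()}")
```

Any entry in the collisions result means keystream and Poly1305 key reuse under that key on an affected build; the durable fix is the package upgrade plus a 12-byte nonce scheme in the calling application.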

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----