===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3318
                        openssl1.0 security update
                             28 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openssl1.0
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1968

Reference:         ESB-2020.3170

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2378-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                 Roberto C. Sánchez
September 25, 2020                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : openssl1.0
Version        : 1.0.2u-1~deb9u2
CVE ID         : CVE-2020-1968

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky
discovered that certain Diffie-Hellman ciphersuites in the TLS
specification and implemented by OpenSSL contained a flaw. A remote
attacker could possibly use this issue to eavesdrop on encrypted
communications. This was fixed in this update by disabling the insecure
ciphersuites.

For Debian 9 stretch, this problem has been fixed in version
1.0.2u-1~deb9u2.

We recommend that you upgrade your openssl1.0 packages.

For the detailed security status of openssl1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================