Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5532-1] openssl security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5532-1] openssl security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5532-1] openssl security update
  • Date: Tue, 24 Oct 2023 19:19:01 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1qvMvd-00BFJF-N2 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=234z4BPUVA0+mnVET/AsTmFOAMceH6EjJ2p8YJ7SmKM=; b=uT STd514I7uMId6KWKvKipprrbRCDRsuvm7xD9chwTgkwQnyDtEEtM0iWyptBCEceMpynL+vn5g/b+w XRaZC5XjrfruI3WZDBcQ1Ek67+JmuH6EBH+3dKnbjO10ogVfRMKe4qEzuYRrpi1NyXB137MMGBTmx N3wKt4US72MOrMRCVxQoAv+zd98vfRGuyhFFwf86da11gM6juODRzQgg9A04EdLGwdfCN2CpqaDLN CxNRlEIwRP/uxsij+yU5b8bw/lo/BQCabNb/7VLVMox5Sp4ZE3bq8aDJ+5qK4CDn4IQlKPnE04x8Q PoUOSroaDOw86d2JPAQHUCUGtsAKtpOw==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 24 Oct 2023 19:19:32 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <P0Z8VHr5ueM.A.ZCD.EjBOlB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5532-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 24, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2023-5363

Tony Battersby reported that incorrect cipher key and IV length
processing in OpenSSL, a Secure Sockets Layer toolkit, may result in
loss of confidentiality for some symmetric cipher modes.

Additional details can be found in the upstream advisory:
https://www.openssl.org/news/secadv/20231024.txt

For the stable distribution (bookworm), this problem has been fixed in
version 3.0.11-1~deb12u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU4GHNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TXww//aymYKy2Mo+x2RSQkTt3ojSPDCR0nOfdMPy5yYVUQ0CL4NdngPvtGuTTb
H2pdTOBo9RF0YJzCnVA1jCS2UBc//grcsnB3RkW2zzRZbXPTELsLow43/w/jo5lZ
vm4VYlxiYUiTzXS88LM4vUGPc62cDE+BzZUDOxsygvwqpqa248T+ZdhDFSoIyoCN
WaTBjBmyhiqD7OMp4nv4ui6qX+srBbOrLNoiCbzStwbg03pi4WNrfCIKadIy5ibY
FjLL73Uyp/mHj+C1OLotPiKV1CLkW1MsHZYhen4zTchTRNEMORsoVKHLvW/X+njE
HCMmRfqIvF82EN+9fw33FGpiI70HLjyQIwVQ+NabJNLANOJG/w7NqVMPngQz7BND
ddPOnKMXFpaxmlWM+LR7HBkArSOz/cUb3lpyCheL5rs07FZDGmGZZrHKcvuFKvwS
4gvNoBSkNSMHMloAPcYI6SQsKk6ps62E55tzzhyAgIZChJYy4RH3azT/Ud2JohWe
dhN6ScXXYEOQpSePA6egfdY+2ZiH+WJnZu6yoX0WL4gbR2PQTysy/P8HMnd1QvE+
OmzyfBeUPlYEBW7Wg/7u9vROGJEQWmbwbIWptV3/BBVh+b79AvegDARNvh6y+5aX
VSbE5QHowfYzmwIASYIJoSggb6LQQY1h+SDVj/E6zlglxDE6qQ8=
=OgKn
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5532-1] openssl security update, Salvatore Bonaccorso, 24.10.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang