Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27021
HistorySep 16, 2011 - 12:00 a.m.

[SECURITY] [DSA 2309-1] openssl security update

2011-09-1600:00:00
vulners.com
18
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2309-1 [email protected]
http://www.debian.org/security/ Raphael Geissert
September 13, 2011 http://www.debian.org/security/faq

Package : openssl
Vulnerability : compromised certificate authority
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1945

Several fraudulent SSL certificates have been found in the wild issued
by the DigiNotar Certificate Authority, obtained through a security
compromise of said company. After further updates on this incident, it
has been determined that all of DigiNotar's signing certificates can no
longer be trusted.
Debian, like other software distributors and vendors, has decided to
distrust all of DigiNotar's CAs. In this update, this is done in the
crypto library (a component of the OpenSSL toolkit) by marking such
certificates as revoked.
Any application that uses said component should now reject certificates
signed by DigiNotar. Individual applications may allow users to overrride
the validation failure. However, making exceptions is highly
discouraged and should be carefully verified.

Additionally, a vulnerability has been found in the ECDHE_ECDS cipher
where timing attacks make it easier to determine private keys. The
Common Vulnerabilities and Exposures project identifies it as
CVE-2011-1945.

For the oldstable distribution (lenny), these problems have been fixed in
version 0.9.8g-15+lenny12.

For the stable distribution (squeeze), these problems have been fixed in
version 0.9.8o-4squeeze2.

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.0e-1.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5v4GEACgkQYy49rUbZzlpiVgCgn601VsUS5b/sYtPdMSMuIXUN
l14AoIxRvh296WlbZkywtbxYJ43820yz
=Tcyw
-----END PGP SIGNATURE-----

Related

prion 1
nessus 15
debiancve 1
ubuntucve 1
openvas 10
f5 2
osv 1
securityvulns 2
debian 2
cert 1
cve 1
gentoo 1
ubuntu 1
lenovo 2
prion
prion
Code injection
2011-05-31 20:55:00
nessus
nessus
openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:0634-1)
2014-06-13 00:00:00
SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 4662)
2011-06-15 00:00:00
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7552)
2011-06-15 00:00:00
debiancve
debiancve
CVE-2011-1945
2011-05-31 20:55:00
ubuntucve
ubuntucve
CVE-2011-1945
2011-05-31 00:00:00
openvas
openvas
Mandriva Update for openssl MDVSA-2011:136 (openssl)
2011-09-30 00:00:00
Debian Security Advisory DSA 2309-1 (openssl)
2011-09-21 00:00:00
Mandriva Update for openssl MDVSA-2011:136 (openssl)
2011-09-30 00:00:00
f5
f5
K12998 : OpenSSL vulnerability CVE-2011-1945
2014-07-25 00:00:00
SOL12998 - OpenSSL vulnerability CVE-2011-1945
2011-08-02 00:00:00
osv
osv
openssl - compromised certificate authority
2011-09-13 00:00:00
securityvulns
securityvulns
DigiNotar fraudulent certificates
2011-09-16 00:00:00
APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002
2013-06-17 00:00:00
debian
debian
[SECURITY] [DSA 2309-1] openssl security update
2011-09-13 22:59:43
[BSA-060] Security Update for openssl
2011-11-14 04:20:38
cert
cert
OpenSSL leaks ECDSA private key through a remote timing attack
2011-05-17 00:00:00
cve
cve
CVE-2011-1945
2011-05-31 20:55:00
gentoo
gentoo
OpenSSL: Multiple Vulnerabilities
2013-12-03 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2012-02-09 00:00:00
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
JSON
Related for SECURITYVULNS:DOC:27021
prion1nessus15debiancve1ubuntucve1openvas10f52osv1securityvulns2debian2cert1cve1gentoo1ubuntu1lenovo2