Lucene search

DebianDEBIAN:DSA-4348-1:05673

HistoryNov 30, 2018 - 10:26 p.m.

[SECURITY] [DSA 4348-1] openssl security update

2018-11-3022:26:20

lists.debian.org

107

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

Low

EPSS

0.048

Percentile

92.9%

JSON

Debian Security Advisory DSA-4348-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
November 30, 2018 https://www.debian.org/security/faq

Package : openssl
CVE ID : CVE-2018-0732 CVE-2018-0734 CVE-2018-0735 CVE-2018-0737
CVE-2018-5407

Several local side channel attacks and a denial of service via large
Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets
Layer toolkit.

For the stable distribution (stretch), these problems have been fixed in
version 1.1.0j-1~deb9u1. Going forward, openssl security updates for
stretch will be based on the 1.1.0x upstream releases.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9armelopenssl-dbgsym< 1.1.0j-1~deb9u1openssl-dbgsym_1.1.0j-1~deb9u1_armel.deb
Debian9ppc64ellibcrypto1.0.2-udeb< 1.0.2q-1~deb9u1libcrypto1.0.2-udeb_1.0.2q-1~deb9u1_ppc64el.deb
Debian9mips64ellibssl-dev< 1.1.0j-1~deb9u1libssl-dev_1.1.0j-1~deb9u1_mips64el.deb
Debian9allopenssl1.0< 1.0.2q-1~deb9u1openssl1.0_1.0.2q-1~deb9u1_all.deb
Debian8armhflibssl1.0.0-dbg< 1.0.1t-1+deb8u10libssl1.0.0-dbg_1.0.1t-1+deb8u10_armhf.deb
Debian9mipsellibssl-dev< 1.1.0j-1~deb9u1libssl-dev_1.1.0j-1~deb9u1_mipsel.deb
Debian8amd64libssl-dev< 1.0.1t-1+deb8u10libssl-dev_1.0.1t-1+deb8u10_amd64.deb
Debian8armellibssl-dev< 1.0.1t-1+deb8u10libssl-dev_1.0.1t-1+deb8u10_armel.deb
Debian8armhflibssl1.0.0< 1.0.1t-1+deb8u9libssl1.0.0_1.0.1t-1+deb8u9_armhf.deb
Debian9ppc64ellibssl1.0.2< 1.0.2q-1~deb9u1libssl1.0.2_1.0.2q-1~deb9u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	openssl-dbgsym	< 1.1.0j-1~deb9u1	openssl-dbgsym_1.1.0j-1~deb9u1_armel.deb
Debian	9	ppc64el	libcrypto1.0.2-udeb	< 1.0.2q-1~deb9u1	libcrypto1.0.2-udeb_1.0.2q-1~deb9u1_ppc64el.deb
Debian	9	mips64el	libssl-dev	< 1.1.0j-1~deb9u1	libssl-dev_1.1.0j-1~deb9u1_mips64el.deb
Debian	9	all	openssl1.0	< 1.0.2q-1~deb9u1	openssl1.0_1.0.2q-1~deb9u1_all.deb
Debian	8	armhf	libssl1.0.0-dbg	< 1.0.1t-1+deb8u10	libssl1.0.0-dbg_1.0.1t-1+deb8u10_armhf.deb
Debian	9	mipsel	libssl-dev	< 1.1.0j-1~deb9u1	libssl-dev_1.1.0j-1~deb9u1_mipsel.deb
Debian	8	amd64	libssl-dev	< 1.0.1t-1+deb8u10	libssl-dev_1.0.1t-1+deb8u10_amd64.deb
Debian	8	armel	libssl-dev	< 1.0.1t-1+deb8u10	libssl-dev_1.0.1t-1+deb8u10_armel.deb
Debian	8	armhf	libssl1.0.0	< 1.0.1t-1+deb8u9	libssl1.0.0_1.0.1t-1+deb8u9_armhf.deb
Debian	9	ppc64el	libssl1.0.2	< 1.0.2q-1~deb9u1	libssl1.0.2_1.0.2q-1~deb9u1_ppc64el.deb