Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-3436-1
HistoryJan 08, 2016 - 12:00 a.m.

openssl - security update

2016-01-0800:00:00
Google
osv.dev
14
JSON

Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in
the TLS 1.2 protocol which could allow the MD5 hash function to be used
for signing ServerKeyExchange and Client Authentication packets during a
TLS handshake. A man-in-the-middle attacker could exploit this flaw to
conduct collision attacks to impersonate a TLS server or an
authenticated TLS client.

More information can be found at

https://www.mitls.org/pages/attacks/SLOTH

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.0.1e-2+deb7u19.

For the stable distribution (jessie), the testing distribution (stretch)
and the unstable distribution (sid), this issue was already addressed in
version 1.0.1f-1.

We recommend that you upgrade your openssl packages.

JSON