[SECURITY] [DSA 2343-1] openssl security update

2011-11-11T00:00:00
ID SECURITYVULNS:DOC:27296
Type securityvulns
Reporter Securityvulns
Modified 2011-11-11T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Debian Security Advisory DSA-2343-1 security@debian.org http://www.debian.org/security/ Raphael Geissert November 09, 2011 http://www.debian.org/security/faq


Package : openssl Vulnerability : CA trust revocation Problem type : remote Debian-specific: no

Several weak certificates were issued by Malaysian intermediate CA "Digicert Sdn. Bhd." This event, along with other issues, has lead to Entrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed certificates.

This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this decision by marking Digicert Sdn. Bhd.'s certificates as revoked.

For the oldstable distribution (lenny), this problem has been fixed in version 0.9.8g-15+lenny14.

For the stable distribution (squeeze), this problem has been fixed in version 0.9.8o-4squeeze4.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1.0.0e-2.1.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk66uHsACgkQYy49rUbZzlpVfgCfRLfAEy2AAM8GFtuJNYos20PG fGUAn3MJYAV4rCpPJ1V3V6KifkbZVbVb =PQRs -----END PGP SIGNATURE-----