-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 28 Jul 2018 03:44:30 +0200 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: source all amd64 Version: 1.0.1t-1+deb8u9 Distribution: jessie-security Urgency: high Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information openssl - Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1t-1+deb8u9) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-0737: Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that the OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. * Fix CVE-2018-0732: DoS by a malicious server that sends a very large prime value to the client during TLS handshake. Checksums-Sha1: 5accd20beb57cdd4867aef2dce6bea04cd2067f1 2423 openssl_1.0.1t-1+deb8u9.dsc 8ff63318551e7615d96bb25bc701af511cd6839c 111484 openssl_1.0.1t-1+deb8u9.debian.tar.xz 36ab83c5d6a1d64174eb8acc2ba53c8829dee8f5 1167420 libssl-doc_1.0.1t-1+deb8u9_all.deb 2a36fb7f3a9d3271e02cf741891367813593997f 664150 openssl_1.0.1t-1+deb8u9_amd64.deb 39590f016968882fc542863405cd7a423861386f 1045128 libssl1.0.0_1.0.1t-1+deb8u9_amd64.deb 6f02637babb69976adf7207348983f1c7c36edd3 643822 libcrypto1.0.0-udeb_1.0.1t-1+deb8u9_amd64.udeb 5f07a9215d7fba93036e89d13f632abac017a5fa 1283852 libssl-dev_1.0.1t-1+deb8u9_amd64.deb f0142be7d39a79be89e76bf9a6c2f4dd3b0a1482 2817370 libssl1.0.0-dbg_1.0.1t-1+deb8u9_amd64.deb Checksums-Sha256: 3dba1093668c2171f2a187a1225a4ee598c207e0307632f3808000ae3dc25bc5 2423 openssl_1.0.1t-1+deb8u9.dsc 58f6dc16b6c65b1c6bc1c1f13133a81c2955779072b6a6f583f5db97b8db948d 111484 openssl_1.0.1t-1+deb8u9.debian.tar.xz 3382e795d1ba6d557451798859d751cde0e7ff46099d046bdbd7329b456aaedf 1167420 libssl-doc_1.0.1t-1+deb8u9_all.deb 4725726faeba1f58d64dbb56230eb81607bc926d7a6dc8367e82717bf8cfa527 664150 openssl_1.0.1t-1+deb8u9_amd64.deb 4edf4d85387f2bd57c8eb372e81373562d57c2f952b6956f8378a0cacf199ba5 1045128 libssl1.0.0_1.0.1t-1+deb8u9_amd64.deb d57d075a2aef75219eae93cb7a43f5f3396108d0151e1fe27c858b703ecfd684 643822 libcrypto1.0.0-udeb_1.0.1t-1+deb8u9_amd64.udeb 48ec616cd70f69f9aa0fa2537b61dce5a26cd5807bd834aac4ea2429e6f2aac3 1283852 libssl-dev_1.0.1t-1+deb8u9_amd64.deb 69881f551a7d9467cc7fcbf5c991e9affea293ed6f61f3a3586d2863665b9361 2817370 libssl1.0.0-dbg_1.0.1t-1+deb8u9_amd64.deb Files: 168c142f8ca809e0029b7201942713ee 2423 utils optional openssl_1.0.1t-1+deb8u9.dsc a1e9603e7ee35e4a160a88d1edcec29f 111484 utils optional openssl_1.0.1t-1+deb8u9.debian.tar.xz 6401a02c73313aefa57b2c7b411016c3 1167420 doc optional libssl-doc_1.0.1t-1+deb8u9_all.deb 58c509bafb57da34840a2b7071df6919 664150 utils optional openssl_1.0.1t-1+deb8u9_amd64.deb 3bddf0d0f14a43e1499e672d1b0b2eb6 1045128 libs important libssl1.0.0_1.0.1t-1+deb8u9_amd64.deb 1f4452d3f77668aa046782591d6a9db4 643822 debian-installer optional libcrypto1.0.0-udeb_1.0.1t-1+deb8u9_amd64.udeb 65a44e96ed0086565daabcabd12e36d6 1283852 libdevel optional libssl-dev_1.0.1t-1+deb8u9_amd64.deb d53401dd6b3086f9014857b9ec9a1495 2817370 debug extra libssl1.0.0-dbg_1.0.1t-1+deb8u9_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAltb2J1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkTAUP/0wq40k8AkfEBT9YFXD3EB59YqluMUgsDi+T sCdf8r6iuUvFJN6cKSGlN06nxz2QdfrhyPD2n/x59r1aEL0z5TO+JMErq1/Sqb+l nHBzqUi8FOKhalAfKpwz6MGip+FnFB5gZanFwqgZMwELc2gh8fH6N+b901jxP34Q GiZWW+3ysuQrPEiefvtjGaa4k+IpbwyYlCbiyMRZXhTM5Pw1Fc26tXRAuGR5PqCW tNFoHEXIC0FF6blUIUdt0TWehjThQqvuPtJpHGQBwpyIl6ZVmFHs4EEDtbtKVA8X SVnrjtYdIv3V1kIq0qLNRRthb/CJqgTatlcqtpcc/vmQIeChD9/3tEAaSVhP67jD muU2JM9xguihechDnZ3Vb+vNqTzdh4fY/299WTx3KHbAoMvv4AgVJMEekc5rIDZA VLC/FyLFE1RK4huIvtSez7ylaFy3JfCMtlkhRb7AjlVs02Ly5Sr5sQTdwkw4GZJB xH6bWMDb/efzv9FBQeIUaHeK9iieeQaaKqVro/EKGlgKu3BIEkeOsEE8qDztiu9y ToMAjbSeGnqQsehotLNs6FMftGKAdR8Q5qERXLgVTb1XQG3kg+hYQEpVwvXMPkTi OiMoZkcYZWNTsuSB389L/SsuUbspG9XDkV3/7wCQ84OSwQChvMKVhI8c6qaKxf7e F9KIMINy =/YQW -----END PGP SIGNATURE-----