Mon, 24 Sep 2018 15:10:07 +0200
[SECURITY] [DSA 4305-1] strongswan security update
Sze Yiu Chau and his team from Purdue University and The University of
Iowa found several issues in the gmp plugin for strongSwan, an
IKE/IPsec suite. Problems in the parsing and verification of RSA
signatures could lead to a Bleichenbacher-style low-exponent signature
forgery in certificates and during IKE authentication.
While the gmp plugin doesn't allow arbitrary data after the ASN.1
structure (the original Bleichenbacher attack), the ASN.1 parser is not
strict enough and allows data in specific fields inside the ASN.1
structure. Only installations using the gmp plugin are affected (on
Debian OpenSSL plugin has priority over GMP one for RSA operations),
and only when using keys and certificates (including ones from CAs)
using keys with an exponent e = 3, which is usually rare in practice.
version 5.5.1-4+deb9u3
Confirmed: ascii-security
Sun, 23 Sep 2018 18:27:55 +0000
[SECURITY] [DSA 4304-1] firefox-esr security update
version 60.2.1esr-1~deb9u1
Confirmed: ascii-security
Note: ceres contains v60.2.1esr-1
Sun, 23 Sep 2018 18:23:23 +0000
[SECURITY] [DSA 4303-1] okular security update
version 4:16.08.2-1+deb9u1.
Confirmed: ascii-security
Sun, 23 Sep 2018 15:34:19 +0000
[SECURITY] [DSA 4302-1] openafs security update
version 1.6.20-2+deb9u2
Confirmed: ascii-security
Sat, 22 Sep 2018 15:13:12 +0000
[SECURITY] [DSA 4301-1] mediawiki security update
version 1:1.27.5-1~deb9u1
Confirmed: ascii-security
Sat, 22 Sep 2018 14:01:58 +0000
[SECURITY] [DSA 4300-1] libarchive-zip-perl security update
version 1.59-1+deb9u1
Confirmed: ascii-security
Fri, 21 Sep 2018 15:01:29 +0200
[SECURITY] [DSA 4299-1] texlive-bin security update
version 2016.20160513.41080.dfsg-2+deb9u1
Confirmed: ascii-security
Thu, 20 Sep 2018 19:04:19 +0000
[SECURITY] [DSA 4298-1] hylafax security update
version 3:6.0.6-7+deb9u1
Confirmed: ascii-security
Wed, 19 Sep 2018 01:15:22 -0400
[SECURITY] [DSA 4297-1] chromium-browser security update
version 69.0.3497.92-1~deb9u1.
Confirmed: ascii-security
Note: beowulf and ceres contain v69.0.3497.92-1