OVAL

DSA-2309-1 openssl -- compromised certificate authority

ID: oval:org.secpod.oval:def:600621
Date: (C)2011-10-13   (M)2018-06-02
Class: PATCH
Family: unix




Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar's signing certificates can no longer be trusted. Debian, like other software distributors and vendors, has decided to distrust all of DigiNotar's CAs. In this update, this is done in the crypto library by marking such certificates as revoked. Any application that uses said component should now reject certificates signed by DigiNotar. Individual applications may allow users to override the validation failure. However, making exceptions is highly discouraged and should be carefully verified.

Additionally, a vulnerability has been found in the ECDHE_ECDS cipher where timing attacks make it easier to determine private keys. The Common Vulnerabilities and Exposures project identifies it as CVE-2011-1945.

Platform:
Debian 5.0
Debian 6.0
Product:
openssl
Reference:
DSA-2309-1
CVE-2011-1945
CVE    1
CVE-2011-1945
CPE    81
cpe:/a:openssl:openssl:0.9.1c
cpe:/a:openssl:openssl:0.9.5a
cpe:/a:openssl:openssl:0.9.6:beta3
cpe:/a:openssl:openssl:0.9.6:beta1
...

© SecPod Technologies