Upgrade openssl please ...
srs
Subject: patches available for Klima-Pokorny-Rosa attack on RSA in
OpenSSL
From: "Todd C. Miller" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Wed, March 19, 2003 4:01 pm
Researchers have discovered an extension of the "Bleichenbacher
attack" on RSA with PKCS #1 v1.5 padding. The attack affects TLS
1.0 (aka SSL 3.0) but does *not* affect OpenSSH. Exploitation
requires that an attacker open millions of TLS connections to the
machine being attacked.
Users who run services utilizing TLS and RSA encryption should
update their OpenSSL to the version now in OpenBSD-current and the
3.1 and 3.2 -stable branches or use one of the patches below.
Patch for OpenBSD 3.1:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/025_kpr.patch
Patch for OpenBSD 3.2:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/012_kpr.patch
The OpenSSL advisory (from which the patches are derived) is:
http://www.openssl.org/news/secadv_20030319.txt
The following paper describes the attack in detail:
http://eprint.iacr.org/2003/052/
-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open!
Get cracking and register here for some mind boggling fun and
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
