-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0891
                      ca-certificates security update
                             1 September 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ca-certificates
Publisher:         Debian
Operating System:  Debian GNU/Linux 6
Impact/Access:     Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade

Reference:         ESB-2011.0886
                   ESB-2011.0890

Original Bulletin: 
   http://www.debian.org/security/2011/dsa-2299

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2299-1                   security@debian.org
http://www.debian.org/security/                           Thijs Kinkhorst
August 31, 2011                        http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : ca-certificates
Vulnerability  : compromised certificate authority
Problem type   : local/remote
Debian-specific: no
Debian Bug     : 639744

An unauthorized SSL certificate has been found in the wild, issued by
the DigiNotar Certificate Authority, obtained through a security
compromise with said company. Debian, like other software
distributors, has as a precaution decided to disable the DigiNotar
Root CA by default in its ca-certificates bundle.

For other software in Debian that ships a CA bundle, like the
Mozilla suite, updates are forthcoming.

For the oldstable distribution (lenny), the ca-certificates package
does not contain this root CA.

For the stable distribution (squeeze), the root CA has been
disabled starting with ca-certificates version 20090814+nmu3.

For the testing distribution (wheezy) and unstable distribution
(sid), the root CA has been disabled starting with ca-certificates
version 20110502+nmu1.

We recommend that you upgrade your ca-certificates packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
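
The following check is an added example, not part of the Debian advisory
or the AusCERT bulletin. It audits a ca-certificates configuration file for
DigiNotar entries that are still enabled and compares a package version
against a fixed version named above. The function names, the output labels
and the sample entry names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Assumed format (update-ca-certificates configuration file):
# one certificate path per line, '#' starts a comment, and a leading '!'
# marks a certificate as deselected, i.e. not trusted.

# Print every DigiNotar entry still enabled in the file given as $1
# (on Debian this would be /etc/ca-certificates.conf).
enabled_diginotar() {
    grep -i 'diginotar' "$1" | grep -v '^[[:space:]]*[#!]' || true
}

# Exit status 0 when no DigiNotar entry is enabled, 1 otherwise.
audit_conf() {
    hits=$(enabled_diginotar "$1")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | sed 's/^/STILL TRUSTED: /'
    return 1
}

# Exit status 0 when installed version $1 is at or after fixed version $2,
# e.g. 20090814+nmu3 for squeeze. Requires dpkg.
version_is_fixed() {
    dpkg --compare-versions "$1" ge "$2"
}

# Demo on constructed sample data (entry names are illustrative).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real system
mozilla/Example_Root_CA.crt
!mozilla/DigiNotar_Root_CA.crt
mozilla/DigiNotar_Root_CA.crt
EOF
if audit_conf "$sample"; then
    echo "no enabled DigiNotar entries"
else
    echo "action needed: upgrade ca-certificates or deselect the entries above"
fi
rm -f "$sample"
```

On a Debian host the installed version passed to version_is_fixed can be
read with dpkg-query -W -f='${Version}' ca-certificates.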

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----