[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: libgcrypt's RSA-1024 and RSA-2048 broken

To: openldap-technical@OpenLDAP.org
Subject: Re: libgcrypt's RSA-1024 and RSA-2048 broken
From: Ryan Tandy <ryan@nardis.ca>
Date: Thu, 6 Jul 2017 15:46:26 -0700
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nardis.ca; s=google; h=date:from:to:subject:message-id:mail-followup-to:references :mime-version:content-disposition:in-reply-to:user-agent; bh=RN+VzPVTq2Yua/ul+sM6xSAz2YKER77ZcW2rHsrUKvQ=; b=gWjgQNjMZxDYNxmrX9fXT3v3o5RQhcvJsdiQvN3fiwhOtqYV6QNjesUuWOKUC5Oo/h O8w1z696fXljDu5SEjpiBsDNAUazDtYmwG0GZWEAru1H1OtUYB3a3VjkrPeKovyyJYO4 TVYk65iR//+lfFLBYiPgV1bqk2mVv2CU2OFtc=
In-reply-to: <a5ef3558-8101-7c8b-cb7b-5c887d5f582d@symas.com>
Mail-followup-to: openldap-technical@OpenLDAP.org
References: <a5ef3558-8101-7c8b-cb7b-5c887d5f582d@symas.com>
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Jul 05, 2017 at 06:42:12PM +0100, Howard Chu wrote:

I believe most deployments of GnuTLS now use nettle instead oflibgcrypt. But if you're on an older Debian or Ubuntu, using theirpackaged OpenLDAP built with GnuTLS, you should check what version ofGnuTLS and libgcrypt you're using.

For the record, "older" means Debian 7 (wheezy) or Ubuntu 14.04(trusty). Debian 8 (jessie) and Ubuntu 16.04 (xenial) and later areusing nettle.

Advisories and patches have been released for both wheezy and trusty,soif you're running either of those, please update.


https://lists.debian.org/debian-lts-announce/2017/07/msg00007.html
https://www.ubuntu.com/usn/usn-3347-1/

References:
- libgcrypt's RSA-1024 and RSA-2048 broken
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Antw: Re: Q: index for operational attributes?
Next by Date: Slave won't send referrals
Index(es):
- Chronological
- Thread