|
|
Log in / Subscribe / Register

Debian alert DLA-2997-1 (ecdsautils)



From:
              Sven Eckelmann <sven@narfation.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 2997-1] ecdsautils security update


Date:
              Sat, 07 May 2022 08:12:08 +0200


Message-ID:
              <3088206.iEP44xHWxd@sven-desktop>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2997-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Sven Eckelmann
May 07, 2022                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ecdsautils
Version        : 0.3.2+git20151018-2+deb9u1
CVE ID         : CVE-2022-24884

In ecdsautils, a collection of ECDSA elliptic curve cryptography command
line tools, an improper verification of cryptographic signatures was
detected. A signature consisting only of zeroes is always considered
valid, making it trivial to forge signatures.

For Debian 9 stretch, this problem has been fixed in version
0.3.2+git20151018-2+deb9u1.

We recommend that you upgrade your ecdsautils packages.

For the detailed security status of ecdsautils please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ecdsautils

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEF10rh2Elc9zjMuACXYcKB8Eme0YFAmJ2DbgACgkQXYcKB8Em
e0ZHcRAAzY/BAn0HRqjPCkde1Bm26iPYoo/8lR1ufiWiFMPDPLaaptWLvcGm1kp1
ejmLtMJQ1tNC/dMJW2ZogDdEu/ec2/M/7yuVe/sHctMl55wxqI73bgJdZuVdPr9f
9aQnMC2X2wm8+ja1dECN5KZhbfyB8LdGCshihhT04utREYvlsAoIUAw37ao2OyKB
CjneK3UvZfSDLB2APObC2Ke4+Vmn+HPwYEUoDJfWJLHRinZ7892k2VFwvIr0KshM
diTv5c69Vd6kaW3NYP+FJDMERmtfLpsl33lLk5fQEeOW8sInaiTo14HGIJq7Kim7
D4WlkiW4es58d1G7gA0eyGjv/ookcxLquE7gRWebksN46viBUpHQvFaTc8KXTxpB
xCUs7LxeVTmf//P7IBAS7g0HB7C4Fxs/7ef1dagz50fD7W6coVQQYDK7aenLqG0w
3ji4d2C6waxdAir+KwLK280MLytts2bDqQsNS+Teu61qzFJu2xcFWUYn89YujRG8
HywdW2zFkYzkwgrptRiIk66pDbKQhUhAjXbtdJG7Iu/poW27gAInqj1Engexepk8
2Cz2qcPPPuQqSRvbpq7BId524Qq6xDn0ywUHIrmpYbOEj/7p9PoIA++xC1eIi6Ie
po7MnsseYF73L9IDqtnT8CJiLgXh5EsEZMUZtZAmUsh8y1JZLNE=
=D4GL
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds