#use wml::debian::translation-check translation="5e5cde5f1d7897295b54d526fe07c41028cc4af2" mindelta="1"
<define-tag description>sikkerhedsopdatering</define-tag>
<define-tag moreinfo>
<p>Tibor Jager, Jörg Schwenk og Juraj Somorovsky fra Horst Görtz Institute for 
IT Security, udgav et afhandling under ESORICS 2015, hvor de beskriver et 
ugyldig kurve-angreb i Bouncy Castle Crypto, et Java-bibliotek til kryptografi. 
En angriber havde mulighed for at gendanne private Elliptic Curve-nøgler fra 
forskellige applikationer, eksempelvis TLS-servere.</p>

<p>Flere oplysninger:
<a href="http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html">\
http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html</a>
<br>
Practical Invalid Curve Attacks på TLS-ECDH:
<a href="http://euklid.org/pdf/ECC_Invalid_Curve.pdf">\
http://euklid.org/pdf/ECC_Invalid_Curve.pdf</a></p>

<p>I den gamle stabile distribution (wheezy), er dette problem rettet
i version 1.44+dfsg-3.1+deb7u1.</p>

<p>I den stabile distribution (jessie), er dette problem rettet i
version 1.49+dfsg-3+deb8u1.</p>

<p>I den ustabile distribution (sid), er dette problem rettet i
version 1.51-2.</p>

<p>Vi anbefaler at du opgraderer dine bouncycastle-pakker.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/security/2015/dsa-3417.data"