Date: Mon, 1 Feb 2016 16:32:55 +0100
From: Gerhard Rieger <>
Subject: Socat security advisory 7 - Created new 2048bit DH modulus

Socat security advisory 7 - Created new 2048bit DH modulus

  In the OpenSSL address implementation, the hard-coded 1024-bit DH p
  parameter was not prime. The effective cryptographic strength of a key
  exchange using these parameters was weaker than what one could get by
  using a prime p. Moreover, since there is no indication of how these
  parameters were chosen, the existence of a trapdoor that makes it possible
  for an eavesdropper to recover the shared secret from a key exchange that
  uses them cannot be ruled out.
  A new prime modulus p parameter has been generated by a Socat developer
  using the OpenSSL dhparam command.
  In addition, the new parameter is 2048 bits long.

Vulnerability Ids:
  Socat security issue 7

Severity: Unknown

Affected versions

Not affected or corrected versions - and later
  2.0.0-b1 - 2.0.0-b7
  2.0.0-b9 and later

  Disable DH ciphers

  The updated sources can be downloaded from: gz

  Santiago Zanella-Beguelin and Microsoft Vulnerability Research (MSVR).
