CVE-2017-15423

NameCVE-2017-15423
DescriptionInappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4064-1

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browserunknownwheezy(unfixed)end-of-life
chromium-browserunknownjessie(unfixed)end-of-life
chromium-browserunknownstretch63.0.3239.84-1~deb9u1DSA-4064-1
chromium-browserunknown(unstable)63.0.3239.84-1

Notes

[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)

Search for package or bug name: Reporting problems