it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 4855-1] openssl security update
- Date: Wed, 17 Feb 2021 13:40:59 +0000
- List-archive: https://lists.debian.org/msgid-search/E1lCN4d-0006PE-KJ AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=BfiaR1JS6nMjgVw/4UTBdYYPivcwlTi9zRibggJ2tvk=; b=A5 EfKfdV+El1LpQnXxc8CoalqsMn2kD5OWuQtD4u6DZWQST/S2uhXo9E+HO3hofZvJrO1mYlE3U+gQo QIB2AD0ZfktMrPJh6Fi0dolixkC5Bc0wEzxidtk8LvhzP9584d5pCUpZLVSZZ4JCaIfxfeJxXEXua Jl7gY6zhhb5IVxfg2OS7pa3gKhWH5ikMl3NrMsBbfED/0lDN7L1WWdXkVK5h2yXp82pQvTYjknXWB +QAFMhzkLOvQ4hN6mOQ/a+v1M2oh291nmYb2t7lju8G3hUVB/dh+CSWptxmSFxJ4l4edUD3ZTP1pV 4p+fgDGKJelj4+9V8k9gXShWvB4ujOSQ==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 17 Feb 2021 13:41:16 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <avAFfWgQ7kK.A.tfC.8zRLgB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4855-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 17, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssl
CVE ID : CVE-2019-1551 CVE-2021-23840 CVE-2021-23841
Debian Bug : 947949
Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring
procedure, an integer overflow in CipherUpdate and a NULL pointer
dereference flaw X509_issuer_and_serial_hash() were found, which could
result in denial of service.
Additional details can be found in the upstream advisories
https://www.openssl.org/news/secadv/20191206.txt and
https://www.openssl.org/news/secadv/20210216.txt .
For the stable distribution (buster), these problems have been fixed in
version 1.1.1d-0+deb10u5.
We recommend that you upgrade your openssl packages.
For the detailed security status of openssl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAtHDpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SYCg/9HRfTx/x8jaG8pn8kcPmUiSs+WkMBXmQeg97Gf6NLeflYczwtZ9MGWAAj
J9R72BqppoSGaI4MPgUQPRDRHclktJOxBkICyiYL35G18x0iFz352rfHegq9rzVe
VxJAXh3Xo6hA/SX046rjh+gJU63fgiE4Wy9T1D9y9A582FHfqhNFpEbWyzA871hG
nDFabpyvRltEC/XXu5pejqU9cguc4wF6pVjMffF1ikV6srAFPFO14v5aYYTWHEe1
D5cOUe6ckFIJBHYO4NEldlfRN1OVUZUMERQwjkfJ6RnwOxzN9dAdnhle+nqgeC7P
GwyVHTNIIhNOpjo24j0d13npJqdBvpXygG8TVDzRGm70SgMsizIm/b8ID9yzQjXH
45ziZZKLnLDDE55v62bUZ7KOe3DZYp/dElZ6mt/xKikC10GEOv1exsaB12s4LlDx
+7VF2U3nAer//G2LkGAPkbNAT1RC1uibnivyed3uHpUwFewE0fsdaoHtwFPPYDNp
Y7dyMI+SpAF1/6PW7kBqgHtyp9GAp2fcldV1uLmr9FKoBASvemkReHH1/eDzPqaA
xKzJ67vi9vX3IKtEz+T/EftZ5VDb/JW/f5EPsLNKjQJomRaQRr9EnYMVFCERVwvk
IMCzTgoed90pMSWyfO7BkywXMk4t14IeV9PhGVTfCrdpr4c2QC4=
=hM2Z
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 4855-1] openssl security update, Salvatore Bonaccorso, 17.02.2021
Archiv bereitgestellt durch MHonArc 2.6.24.