it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5764-1] openssl security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5764-1] openssl security update
Date: Tue, 03 Sep 2024 18:58:46 +0000
List-archive: https://lists.debian.org/msgid-search/E1slYjm-009L5M-Aj AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=gfHaAmoTW638eVEBDhwrfgIBhr6W/3BTqn1buU8Mo8c=; b=PU Nzj8PwFb9G7vthBqrjav0Nz8e2V6CpkSfsv8/jWG8nQXXLCzKFEaGtlNVOeMiq1R+7paxFt4EADZH aL1JA8usWfN6P62cESWKiy2z0RWILb1t4JcZTI0FZY/cURQND6Wn+4mz+KhuGO6AcCWuNtUMssc/t +cYFGStUDsNyWfRQHNXYHakbBH3TjRSmJcFg+kLlmJDZONiw2EjzC4rjl58Jvm936hmivgP3vtlEA KCSBQr9kfpG2oceQxdglGka7Ta2lCp9KTf1+vFVGAIIi8C6h09Iw0Wlnm0UMoUJp6akD8Sok42oQ4 2t8vwluDAxkgDJlCuUsJT9HaDQkiEWUw==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Tue, 3 Sep 2024 18:59:06 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <TxYajjpV9lE.A.Kw2M.6x11mB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5764-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 03, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2024-6119

David Benjamin reported a flaw in the X.509 name checks in OpenSSL, a
Secure Sockets Layer toolkit, which may cause an application performing
certificate name checks to crash, resulting in denial of service.

Additional details can be found in the upstream advisory:
https://openssl-library.org/news/secadv/20240903.txt

For the stable distribution (bookworm), this problem has been fixed in
version 3.0.14-1~deb12u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbXW1pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RXThAAjRoSSUyNd4LR8nETi9XB31OkPVx0KrvU2hfIRnPUHHb3hOoi8vEKxdqh
gd1pHtEKUBB3TBkXnyMuQ1p79+wuIjvV6Jr7uEPK0w2GdvC0KaF4+cohRDB7Xpjk
+AjVFprvljePzgR9BcX1LWX/Bj6k7j8Jit4hkSDxeWn2W4NvCk9+1FMaHPa1PCmX
Axo83qzlJg/SMcI5s19No3TzY9z9RdXH622J6hZk/DUZi6YMSryxCoAuU7ur/Ol8
zGH8RG9THiC4hcnAnNjOrqAJqlLzoLgFxykwrvYGwWk//fsQsCeR2HXNQJiPBKq0
QyoXP0WFgIbjnQlRfJI2gxwr5KWn77sNnc2vGZ8HXScj+pKOxrdHyp6a3kaZ99AN
DCU5UAo36wSUhZyX9I8nNxjZmb2w5fbeFnHkI2xx2onoLeUjv4hzipS4VS0OP5Th
qXhXGjLng4L0bIc5Ad/LuC4T/PnXuwfDgMnAQHHM0zjQcDih/TaTfXn1v+j67FIV
BxiqD5EI07ms/jysbmpydB4z2Fwl0D09goEtbO2m2ZE+BU4o8dQIk6UB7KiKTBcy
VS3uTR7ZG9AbomfHceh9/3ycI0FMTXUXlifU9v3Btuwpb3DnjCwJKaoAEQNrfuV1
OjqV29oZd2ye2bwAC2uveAnS0wxe+26Gsr+PhmdUFSGSAPeULt4=
=KHr5
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5764-1] openssl security update, Salvatore Bonaccorso, 03.09.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.