ELA-331-1 openssl security update
Package: openssl
Version: 1.0.1t-1+deb8u13
Related CVEs: CVE-2018-0734, CVE-2020-1971
Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit.
CVE-2018-0734
A minor timing side channel was found in the OpenSSL DSA
signature algorithm. The fix for it introduced a more severe
regression that could also be exploited as a timing side channel
attack. This update fixes both the original problem and the
subsequent regression.
CVE-2020-1971
David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function
which could cause a NULL dereference, resulting in denial of service.
For Debian 8 jessie, these problems have been fixed in version 1.0.1t-1+deb8u13.
We recommend that you upgrade your openssl packages.
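One way to audit a host inventory against the fixed version above, as an added example (not part of the advisory or of Debian's tooling): it implements Debian's version-ordering rules in Python, so the check also runs where dpkg is not available. The host names and inventory lines are constructed, and the "host package version" line format is an assumption.

```python
import re

FIXED = "1.0.1t-1+deb8u13"  # fixed version stated in ELA-331-1 for Debian 8 jessie

def _order(c):
    """Sort weight of one character inside a non-digit run."""
    if c == "~":
        return -1  # tilde sorts before everything, even the end of the string
    return ord(c) if c.isalpha() else ord(c) + 256  # letters before other symbols

def _cmp_part(a, b):
    """Compare two upstream or two revision strings; returns -1, 0 or 1."""
    while a or b:
        # Peel off one non-digit run and one digit run from each side.
        na, da, a = re.match(r"(\D*)(\d*)(.*)", a).groups()
        nb, db, b = re.match(r"(\D*)(\d*)(.*)", b).groups()
        for i in range(max(len(na), len(nb))):
            wa = _order(na[i]) if i < len(na) else 0
            wb = _order(nb[i]) if i < len(nb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        if int(da or 0) != int(db or 0):  # digit runs compare numerically
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    """Split [epoch:]upstream[-revision]; missing epoch and revision count as 0."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched_hosts(inventory):
    """Hosts whose openssl package version sorts below FIXED."""
    rows = (line.split() for line in inventory.strip().splitlines())
    return [h for h, pkg, ver in rows if pkg == "openssl" and deb_cmp(ver, FIXED) < 0]

# Constructed inventory, one "host package version" triple per line.
SAMPLE = """
web1 openssl 1.0.1t-1+deb8u12
web2 openssl 1.0.1t-1+deb8u13
db1 openssl 1.0.1k-3+deb8u5
build1 openssl 1.0.1t-1+deb8u13~test1
"""
```

A plain string comparison would misorder versions such as `deb8u9` and `deb8u13`, which is why the digit runs are compared numerically.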
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
An openssl security update has been released for Debian GNU/Linux 8 Extended LTS to address two security vulnerabilities.