Debian 10261 Published by

An openssl security update has been released for Debian GNU/Linux 8 Extended LTS to address two security vulnerabilities.



ELA-331-1 openssl security update

Package openssl
Version 1.0.1t-1+deb8u13
Related CVEs CVE-2018-0734 CVE-2020-1971

Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit.

CVE-2018-0734

A minor timing side channel attack was found in the OpenSSL DSA
signature algorithm. The fix for that introduced a more severe
regression that could also be exploited as a timing side channel
attack. This update fixes both the original problem and the
subsequent issue.
CVE-2020-1971

David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function
which could cause a NULL dereference, resulting in denial of service.
For Debian 8 jessie, these problems have been fixed in version 1.0.1t-1+deb8u13.

We recommend that you upgrade your openssl packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-331-1 openssl security update