Debian 10263 Published by

An openssl security update has been released for Debian GNU/Linux 8 Extended LTS to address two issues in the OpenSSL cryptographic system.



ELA-366-1 openssl security update

Package openssl
Version 1.0.1t-1+deb8u14
Related CVEs CVE-2021-23840 CVE-2021-23841

It was discovered that there were two issues in the OpenSSL cryptographic system:

Prevent an issue where “Digital EnVeloPe” EVP-related calls could cause applications to behave incorrectly or even crash.

Prevent an issue in the X509 certificate parsing caused by the lack of error handling while ingesting the “issuer” field.

For Debian 8 Jessie, these problems have been fixed in version 1.0.1t-1+deb8u14.

We recommend that you upgrade your openssl packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-366-1 openssl security update