Debian 10262 Published by

An openssl security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue that could result in denial of service via malformed certificates.



ELA-580-1 openssl security update

Package openssl
Version 1.0.1t-1+deb8u17
Related CVEs CVE-2022-0778

Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL could be tricked into an infinite loop. This could result in denial of service via malformed certificates.

For Debian 8 jessie, these problems have been fixed in version 1.0.1t-1+deb8u17.

We recommend that you upgrade your openssl packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-580-1 openssl security update