[SECURITY] [DLA 4321-1] openssl security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4321-1] openssl security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Fri, 3 Oct 2025 17:51:44 +0200
Message-id: <[🔎] 20251003155144.39F9D5F000A6@kamino>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4321-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
October 03, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openssl
Version        : 1.1.1w-0+deb11u4
CVE ID         : CVE-2025-9230

Stanislav Fort discovered an out of bounds read and write issue when
decrypting CMS messages that were encrypted using password based
encryption.

For Debian 11 bullseye, this problem has been fixed in version
1.1.1w-0+deb11u4.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmjf8QwACgkQnUbEiOQ2
gwJnZg//ZT1IZiOKVLWZDAV4GqnnlCArUK6ycQjcqrDwOKUnJzVNpWmLz/2sWxCt
W8Auc20RxdSnzzGiTswSnnqGteVBc4hv0vbc1TpE/TubA8fzp69T1UnDQZWDrQ9C
4ZY6YD+FFfrKsWO9wAdKdytUekCo7Qng/G1EeZKwbrIGa4VSQc5DPx3Y7YS+st62
pMQZ7oRreEWdWOWcRn/7eiFhVXS+6JFtuFblK7nsoTvvf/1eGpdiCc7t79vwVwji
0hSL7Y/kAyw5h/8cDyNHa85Al2Y5zBTsTIkVL0QpcmcSxcpMSC08w9CcLVkm6WMM
hYQi5qAh8TV2Q3opB3e6CaacBAfx9OR8sxQZz1roDS9aFONAjjCBEMU53i0buMdx
Hwisih8iACGV4XLiOXpCBI+W1D6cCeF6kJQzSEOQ0Gr+SIJy+Vwwus2FkWL4K03r
x3heqgsftU7UaXuYQT84T1A5VoFvpcp00xptHCYnu0DyQ3jZRy0EGlqoVIMNh+B/
ftjEXmkQH9bqiIzNlPnn/TGpSbzzwbvLm+qdwbDkGakbjj980AVjPFv8IG+Gfos9
qaaI/d9ZZdbwkuYO+fIYBV0ohgEec/ZxtXegTY2NFzcq3huZEJMHUjXja+auZ0jt
lNxvEroXEeAes2foiNLklG3mA4vLaciqfp2LkZOzm3pAoRdggqw=
=GKOt
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4316-1] open-vm-tools security update
Previous by thread: [SECURITY] [DLA 4316-1] open-vm-tools security update
Index(es):
- Date
- Thread