[SECURITY] [DSA 4807-1] openssl security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 4807-1] openssl security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 08 Dec 2020 15:25:11 +0000
Message-id: <[🔎] E1kmerX-00029V-Tn@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4807-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 08, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2020-1971

David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function
which could cause a NULL dereference, resulting in denial of service.

Additional details can be found in the upstream advisory:
https://www.openssl.org/news/secadv/20201208.txt

For the stable distribution (buster), this problem has been fixed in
version 1.1.1d-0+deb10u4.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/PmNRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SrxA//cDd0JVO9bdkBLrjg3bh2ibaL7rZxWM2kDOZxQ9dTyuNKHXpk72EQN7bo
YzYUOphu8Pea/v2E2bA0VzKka56lu1zmA1r2xXyZoK3YWoyVAdQe/AbrsNZh+k5U
iZ9U5VeBNmb78vZqalFnecZBAhmPBmFKmE4yc7qhj+G1XGO+/yuRL8sBGpK3WKDX
dj31X8+YlEfidj9LKj0mER1XpjaE7soWnmlFA8vI/cjBLnvWo4MyXUbicW2r028C
KB/ACbp5BzXiZkcv45Dmk73Wp2GtMPamF3iL6VBNkEy5cBXvvD+WQCJLr87w+zHr
Abvfz8UXvJnsD/qP7nEuQkMBDiZPeCIOe1lGtiNtU0oeDn1i9akVZ3pEtOf3azJ+
ZQRrxPY+qwWRenuf2CLBUzIzWh+9wUy3ZIOxSycBoqn1xN//EaZ38PNLpiYl2llM
1RyuvMn7jMo5Ow6keJ7ohIfY0FD3LNJId5Sf4EPfJHy/EAe/qSf+/WXXvLQAlMdg
0zkzBXSCHPlhOm4NgF+LuGqpyd10OK6O7C1eo2xejylohV1UJUXU+2CQfa2HQ0o4
eV5aYOsVEBPBIxedCd/XyVNCPrStetLhdP8kjASznPkIKcw1L7GW0SongEt6+7T+
csanRpBW+PoDRofOjop+zTAFesQLt/q7w2sjZCg2Wj/hEN6PeCs=
=eV7T
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 4806-1] minidlna security update
Next by Date: [SECURITY] [DSA 4808-1] apt security update
Previous by thread: [SECURITY] [DSA 4806-1] minidlna security update
Next by thread: [SECURITY] [DSA 4808-1] apt security update
Index(es):
- Date
- Thread