[SECURITY] [DLA 2953-1] openssl1.0 security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 2953-1] openssl1.0 security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 17 Mar 2022 10:50:32 +0100 (CET)
Message-id: <[🔎] 20220317095032.EDE8A2A6D10@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2953-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
March 17, 2022                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openssl1.0
Version        : 1.0.2u-1~deb9u7
CVE ID         : CVE-2022-0778

Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL
could be tricked into an infinite loop. This could result in denial of
service via malformed certificates.

For Debian 9 stretch, this problem has been fixed in version
1.0.2u-1~deb9u7.

We recommend that you upgrade your openssl1.0 packages.

For the detailed security status of openssl1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmIzBGgACgkQnUbEiOQ2
gwLHig//QAHk2D95hlzRvkXyZuhxq08jJHIqjgEgVWIFJ8AQOZgE/i95jc8Zd98c
mvl3jbfxE/6SqGnWvtl+3vj7K4kGG5adMaHUe2rFUVT4VE86oRy74UZsvGFmbpPb
Kk/H+ul+hTJ43gH1spQWGCXkQ7w6Zh1oGw1bO1Sm+PX0Qf+BsMT7nfj+iMmNJVA2
H8/iCHuhXeCJ337io22NiUOx7BNz5MggnI4nBL5TVxs+XDH+b8+lok8ipphvq+W/
HN+lKuV9jfv4j7JaCmHDb0+k+xgoR3qMJWYHXT/s/degrqSuP0+EmOkFQCGSNnai
cB0ie0oSMSvzquEwXf0WRCsT34gyuwFnfe773b8P5BqRoq1P9oF2t1ewrZ2oZeGT
5XkMOp/aq3fH7eckxLD0CmdJzBzFPmHFeYvLPnz4f3CEFYHXjCPszvqQ8f+KDqJr
Pkx6Krn3w3ZudxeRXYxaPgvoA/p24RZfIc/QniIDPdOo9JgR7pCEzAb6ieAv7fn5
igbZJQk0J5iHD+Qh28x9nLCZ35Oy+1r9Xn6K9dhnSvpbwDpmNP0tU8riDVZYI6Yn
jqkjBkghHUgoaf7bZ38Q315sSHO5aFq9383Tgcfaqhgs+ljiiONE7Gc61j4gqVWa
D4wZ6Fz8kRUpxehSJ10bXOlzT7gjSA8jdPe1HhDqvAi6G1h3jpA=
=VdHt
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2952-1] openssl security update
Next by Date: [SECURITY] [DLA 2954-1] python-treq security update
Previous by thread: [SECURITY] [DLA 2952-1] openssl security update
Next by thread: [SECURITY] [DLA 2954-1] python-treq security update
Index(es):
- Date
- Thread