Debian Security Advisory

DSA-4855-1 openssl -- security update

Date Reported:
17 Feb 2021
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 947949.
In Mitre's CVE dictionary: CVE-2019-1551, CVE-2021-23840, CVE-2021-23841.
More information:

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash() were found, which could result in denial of service.

Additional details can be found in the upstream advisories and

For the stable distribution (buster), these problems have been fixed in version 1.1.1d-0+deb10u5.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security tracker page at: