Linux Security

    ArchLinux: 202004-18: openssl: denial of service

    Arch Linux Security Advisory ASA-202004-18
    ==========================================
    
    Severity: High
    Date    : 2020-04-21
    CVE-ID  : CVE-2020-1967
    Package : openssl
    Type    : denial of service
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1139
    
    Summary
    =======
    
    The package openssl before version 1.1.1.g-1 is vulnerable to denial of
    service.
    
    Resolution
    ==========
    
    Upgrade to 1.1.1.g-1.
    
    # pacman -Syu "openssl>=1.1.1.g-1"
    
    The problem has been fixed upstream in version 1.1.1.g.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    A NULL pointer dereference has been found in OpenSSL versions 1.1.1d,
    1.1.1e and 1.1.1f. Server or client applications that call the
    SSL_check_chain() function during or after a TLS 1.3 handshake may
    crash due to a NULL pointer dereference as a result of incorrect
    handling of the "signature_algorithms_cert" TLS extension. The crash
    occurs if an invalid or unrecognised signature algorithm is received
    from the peer. This could be exploited by a malicious peer in a Denial
    of Service attack.
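
Added illustration (not part of the advisory and not OpenSSL source code): a simplified C model of the failure the description names, in which a signature-algorithm lookup returns NULL for an unrecognised value and the caller either dereferences it or checks it first. All function and struct names are hypothetical, and the table and nid values are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical record for a recognised signature algorithm. */
struct sigalg { uint16_t codepoint; int sig_nid; };

/* Constructed table: TLS 1.3 SignatureScheme code points, made-up nid values. */
static const struct sigalg known[] = {
    { 0x0403, 1 },  /* ecdsa_secp256r1_sha256 */
    { 0x0804, 2 },  /* rsa_pss_rsae_sha256 */
};

/* Returns NULL for any code point the table does not recognise. */
static const struct sigalg *lookup_sigalg(uint16_t cp)
{
    for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++)
        if (known[i].codepoint == cp)
            return &known[i];
    return NULL;
}

/* Before: the lookup result is dereferenced unconditionally, so one
 * unrecognised entry in the peer-supplied list crashes the process. */
int cert_sig_allowed_unchecked(const uint16_t *peer, size_t n, int cert_nid)
{
    for (size_t i = 0; i < n; i++) {
        const struct sigalg *sa = lookup_sigalg(peer[i]);
        if (sa->sig_nid == cert_nid)    /* NULL dereference if sa == NULL */
            return 1;
    }
    return 0;
}

/* After: unrecognised entries are skipped instead of dereferenced. */
int cert_sig_allowed(const uint16_t *peer, size_t n, int cert_nid)
{
    for (size_t i = 0; i < n; i++) {
        const struct sigalg *sa = lookup_sigalg(peer[i]);
        if (sa != NULL && sa->sig_nid == cert_nid)
            return 1;
    }
    return 0;
}
```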
    
    Impact
    ======
    
    A malicious server or client may crash an openssl/libssl process by
    providing a maliciously-crafted SSL handshake.
    
    References
    ==========
    
    https://www.openssl.org/news/secadv/20200421.txt
    https://github.com/openssl/openssl/commit/eb563247aef3e83dda7679c43f9649270462e5b1
    https://security.archlinux.org/CVE-2020-1967
    
