Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

Debian: DSA-4018-1 Critical: OpenSSL Buffer Overread and Carry Propagation

debian
Calendar Grey November 3, 2017
Debian Logo
Various vulnerabilities detected in OpenSSL necessitate immediate updates for Debian clients. Refer to DSA-4019-2 for further information.
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit

Summary

CVE-2017-3735

It was discovered that OpenSSL is prone to a one-byte buffer
overread while parsing a malformed IPAddressFamily extension in an
X.509 certificate.

Details can be found in the upstream advisory:
https://openssl-library.org/news/secadv/20170828.txt

CVE-2017-3736

It was discovered that OpenSSL contains a carry propagation bug in
the x86_64 Montgomery squaring procedure.

Details can be found in the upstream advisory:
https://openssl-library.org/news/secadv/20171102.txt

For the oldstable distribution (jessie), CVE-2017-3735 has been fixed in
version 1.0.1t-1+deb8u7. The oldstable distribution is not affected by
CVE-2017-3736.

For the stable distribution (stretch), these problems have been fixed in
version 1.1.0f-3+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.1.0g-1.

We recommend that you upgrade your openssl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system an...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: openssl
CVE ID: CVE-2017-3735 CVE-2017-3736

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.