
Debian 10 Buster DLA-3449-1 Moderate: OpenSSL DoS Threats

Debian LTS
June 8, 2023
Update the OpenSSL libraries to mitigate several security flaws, including denial of service conditions and certificate policy handling problems.
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

Summary

CVE-2023-0464

David Benjamin reported a flaw related to the verification of
X.509 certificate chains that include policy constraints, which
may result in denial of service.

CVE-2023-0465

David Benjamin reported that invalid certificate policies in leaf
certificates are silently ignored. A malicious CA could take
advantage of this flaw to deliberately assert invalid certificate
policies in order to circumvent policy checking on the certificate
altogether.

CVE-2023-0466

David Benjamin discovered that the implementation of the
X509_VERIFY_PARAM_add0_policy() function does not enable the check,
which allows certificates with invalid or incorrect policies to
pass certificate verification (contrary to its documentation).

CVE-2023-2650

It was discovered that processing malformed ASN.1 object
identifiers or data may result in denial of service.

For Debian 10 buster, these problems have been fixed in version
1.1.1n-0+deb10u5.

Package: openssl
Version: 1.1.1n-0+deb10u5
CVE ID: CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-2650
Debian Bug: 1034720
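Since the only remediation the advisory offers is the fixed package version, an inventory script needs to compare Debian package versions correctly (plain string or float comparison gets "deb10u10" versus "deb10u5" and "~bpo" suffixes wrong). The following is an added example, not code from the advisory or from Debian: a pure-Python re-implementation of dpkg's version ordering with a check against the fixed buster version 1.1.1n-0+deb10u5; the function names are my own.

```python
import itertools
import re

FIXED_VERSION = "1.1.1n-0+deb10u5"  # fixed buster version named in the advisory
_TOKENS = re.compile(r"(\D*)(\d*)")  # alternating non-digit / digit runs

def _order(c: str) -> int:
    # dpkg character weight: '~' sorts before anything, even the end of the
    # string; end-of-string is 0; letters sort before other punctuation.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a: str, b: str) -> int:
    # Compare one component (upstream or revision) following dpkg's rules:
    # non-digit runs character by character, digit runs numerically.
    pairs = itertools.zip_longest(_TOKENS.findall(a), _TOKENS.findall(b),
                                  fillvalue=("", ""))
    for (sa, da), (sb, db) in pairs:
        for ca, cb in itertools.zip_longest(sa, sb, fillvalue=""):
            d = _order(ca) - _order(cb)
            if d:
                return d
        d = int(da or 0) - int(db or 0)
        if d:
            return d
    return 0

def _split(version: str):
    # '[epoch:]upstream[-revision]'; missing epoch is 0, missing revision is ''.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare_versions(a: str, b: str) -> int:
    # -1, 0 or 1 as a is older than, equal to, or newer than b (dpkg ordering).
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    d = (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (d > 0) - (d < 0)

def is_fixed(installed: str, fixed: str = FIXED_VERSION) -> bool:
    # True when the installed openssl version is at or above the DLA-3449-1 fix;
    # only meaningful on buster, since other suites carry different revisions.
    return compare_versions(installed, fixed) >= 0
```

Feed it the output of `dpkg-query -W -f='${Version}' openssl` from each buster host; anything older than the fixed version is still exposed to the four CVEs above.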
