What Are You Looking For?

Popular Tags

Sign Up

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3530-1                [email protected]
https://www.debian.org/lts/security/                         Anton Gladky
August 15, 2023                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openssl
Version        : 1.1.1n-0+deb10u6
CVE ID         : CVE-2023-3446 CVE-2023-3817

Two vunerabilities were discovered in openssl, a Secure Sockets Layer toolkit:

CVE-2023-3446, CVE-2023-3817

    Excessively long DH key or parameter checks can cause significant delays
    in applications using DH_check(), DH_check_ex(), or EVP_PKEY_param_check()
    functions, potentially leading to Denial of Service attacks when keys or
    parameters are obtained from untrusted sources.


For Debian 10 buster, these problems have been fixed in version
1.1.1n-0+deb10u6.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3530-1: openssl security update

August 16, 2023
Two vunerabilities were discovered in openssl, a Secure Sockets Layer toolkit: CVE-2023-3446, CVE-2023-3817

Summary

CVE-2023-3446, CVE-2023-3817

Excessively long DH key or parameter checks can cause significant delays
in applications using DH_check(), DH_check_ex(), or EVP_PKEY_param_check()
functions, potentially leading to Denial of Service attacks when keys or
parameters are obtained from untrusted sources.


For Debian 10 buster, these problems have been fixed in version
1.1.1n-0+deb10u6.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
Package : openssl
Version : 1.1.1n-0+deb10u6
CVE ID : CVE-2023-3446 CVE-2023-3817

Related News

Critical Memory Safety Bug, Other Severe Vulns Fixed in Thunderbird

Sep 15, 2023

Remotely Exploitable ClamAV DoS Bug Discovered & Fixed

Aug 31, 2023

Fake Linux Vulnerability Exploit Drops Data-Stealing Malware

Jul 13, 2023

Critical OpenSSH RCE Bugs Fixed

Aug 24, 2023

News

Advisories

HOWTOs

Features

Guide To Tackling Network Programming Assignments On Linux
Guide To Software Security Testing On Linux
Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy

About Us

Powered By

Footer Logo

Feedback