
Debian LTS 11: DLA-3942-1 moderate: openssl denial of service

Debian LTS
October 31, 2024
Multiple vulnerabilities were discovered in OpenSSL, the Secure Sockets Layer toolkit.

Summary

CVE-2023-5678

A denial of service could occur with excessively long X9.42 DH keys.

CVE-2024-0727

A denial of service could occur with a null field in a PKCS12 file.

CVE-2024-2511

A denial of service could occur when the SSL_OP_NO_TICKET flag is
set, with TLSv1.3.

CVE-2024-4741

A use-after-free problem was found in the SSL_free_buffers function.

CVE-2024-5535

Calling the OpenSSL API function SSL_select_next_proto with an empty
supported client protocols buffer may cause a crash or memory
contents to be sent to the peer.

CVE-2024-9143

Use of the low-level GF(2^m) elliptic curve APIs with untrusted
explicit values for the field polynomial can lead to out-of-bounds
memory reads or writes. This could lead to information disclosure
or possibly remote code execution.

For Debian 11 bullseye, these problems have been fixed in version
1.1.1n-0+deb11u6.

We recommend that you upgrade your openssl packages.
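A practical way to act on the fix version above is to compare what is installed against 1.1.1n-0+deb11u6 using dpkg's version-ordering rules, which handle suffixes such as `~bpo` and `+deb11u10` correctly where a plain string comparison would not. The following is an added example, not part of the Debian advisory: it reimplements dpkg's comparison algorithm in Python so that it runs where dpkg is absent, and scans constructed inventory lines in the format produced by `dpkg-query -W -f='${Package} ${Version}\n'`. The set of binary package names assumed to be built from the openssl source (openssl, libssl1.1, libssl-dev) is an assumption made for this example.

```python
"""Compare installed Debian openssl package versions against the DLA-3942-1 fix version.

Added example, not code from the Debian advisory. The version comparison below
follows dpkg's ordering rules; INVENTORY is constructed sample data.
"""

# Fix version stated in DLA-3942-1 for Debian 11 bullseye.
FIXED_VERSION = "1.1.1n-0+deb11u6"

# Assumed binary packages built from the openssl source package (example assumption).
OPENSSL_PACKAGES = {"openssl", "libssl1.1", "libssl-dev"}

# Constructed inventory in `dpkg-query -W -f='${Package} ${Version}\n'` format.
INVENTORY = """\
openssl 1.1.1n-0+deb11u5
libssl1.1 1.1.1n-0+deb11u5
libssl-dev 1.1.1n-0+deb11u6
libssl1.1:i386 1.1.1n-0+deb11u6~bpo11+1
curl 7.74.0-1.3+deb11u13
"""


def _order(c: str) -> int:
    """Sort weight of one non-digit character, as in dpkg's order()."""
    if c == "":
        return 0            # end of string
    if c.isdigit():
        return 0            # digits are handled by the numeric run, weight 0 here
    if c.isalpha():
        return ord(c)       # letters sort before punctuation
    if c == "~":
        return -1           # '~' sorts before everything, including the end of the string
    return ord(c) + 256     # other punctuation sorts after letters


def _verrevcmp(a: str, b: str) -> int:
    """dpkg's verrevcmp(): compare alternating non-digit and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, then the longer run wins, else the first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def compare_versions(v1: str, v2: str) -> int:
    """Return <0, 0 or >0 as v1 is older than, equal to, or newer than v2 (dpkg rules)."""
    def split(v: str):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        if not sep:
            upstream, revision = rest, ""
        return int(epoch), upstream, revision

    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return e1 - e2
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


def vulnerable_packages(inventory: str, fixed: str = FIXED_VERSION) -> list:
    """Return (package, version) pairs from the openssl source that are older than the fix."""
    found = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        name, version = line.split()
        base = name.split(":")[0]  # drop a multiarch suffix such as libssl1.1:i386
        if base in OPENSSL_PACKAGES and compare_versions(version, fixed) < 0:
            found.append((name, version))
    return found


if __name__ == "__main__":
    for name, version in vulnerable_packages(INVENTORY):
        print(f"{name} {version} is older than {FIXED_VERSION}: upgrade required")
```

On a live system, feed the output of `dpkg-query -W -f='${Package} ${Version}\n'` into `vulnerable_packages()` instead of the constructed inventory; the `~bpo` line in the sample shows why the dpkg ordering matters, since it sorts below the fix version even though it is lexically longer.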

For the detailed security status of openssl please refer to



Severity: important

Package: openssl
Version: 1.1.1n-0+deb11u6
CVE ID: CVE-2023-5678 CVE-2024-0727 CVE-2024-2511 CVE-2024-4741
Debian Bug: 1055473 1061582 1068658 1072113 1074487 1085378
