
Mageia: 2021-0108 Moderate OpenSSL Denial of Service Vulnerability

March 4, 2021
Mageia has published MGASA-2021-0108, which fixes vulnerabilities in OpenSSL that could result in denial of service attacks.

Summary

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23840).
Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23841).

References

- https://bugs.mageia.org/show_bug.cgi?id=28383

- https://openssl-library.org/news/secadv/20210216.txt

- https://ubuntu.com/security/notices/USN-4738-1

- https://www.cve.org/CVERecord?id=CVE-2021-23840

- https://www.cve.org/CVERecord?id=CVE-2021-23841

Resolution

SRPMS

- 8/core/openssl-1.1.1j-1.mga8

- 7/core/openssl-1.1.0l-1.3.mga7

- 7/core/compat-openssl10-1.0.2u-1.2.mga7
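
To check a host against the fixed builds listed above, the following added example (not part of the Mageia advisory) compares an installed version-release string with the advisory's SRPM versions, using a simplified reimplementation of RPM's version ordering. It assumes the installed binary package carries the same version-release as its SRPM and has no epoch; the function names and the sample installed versions are constructed for illustration.

```python
import re

# Fixed source-package builds from the advisory's Resolution section,
# keyed by (Mageia release, SRPM name).
FIXED = {
    ("8", "openssl"): "1.1.1j-1.mga8",
    ("7", "openssl"): "1.1.0l-1.3.mga7",
    ("7", "compat-openssl10"): "1.0.2u-1.2.mga7",
}

def _segments(s):
    # RPM ignores separators and compares runs of digits or runs of letters.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling). Returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, leading zeros ignored
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(release, srpm, installed_vr):
    """True if installed 'version-release' is at or above the fixed build."""
    fixed_v, fixed_r = FIXED[(release, srpm)].split("-", 1)
    inst_v, inst_r = installed_vr.split("-", 1)
    c = rpmvercmp(inst_v, fixed_v)
    return c > 0 or (c == 0 and rpmvercmp(inst_r, fixed_r) >= 0)

if __name__ == "__main__":
    # Constructed sample inventory: (release, package, installed version-release).
    inventory = [
        ("8", "openssl", "1.1.1i-1.mga8"),
        ("7", "openssl", "1.1.0l-1.3.mga7"),
        ("7", "compat-openssl10", "1.0.2u-1.1.mga7"),
    ]
    for rel, pkg, vr in inventory:
        state = "patched" if is_patched(rel, pkg, vr) else "NEEDS UPDATE"
        print(f"mga{rel} {pkg} {vr}: {state}")
```

The installed string can be obtained with `rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl`.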

Publication date: 04 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0108.html
Type: security
CVE: CVE-2021-23840, CVE-2021-23841
