-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4661-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 21, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssl CVE ID : CVE-2020-1967 Bernd Edlinger discovered that malformed data passed to the SSL_check_chain() function during or after a TLS 1.3 handshake could cause a NULL dereference, resulting in denial of service. The oldstable distribution (stretch) is not affected. For the stable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u3. We recommend that you upgrade your openssl packages. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6e+koACgkQEMKTtsN8 TjZYpA//YvGfr9NTErugtCJQ7KwRJGrXeKsYehR/EJXj1wR77f6k4HRc5J9AiLbV HaS+EKOPWS+buQ6MTS4hslwxhNzAlnharrzhSh2RrUZTfYB66+GhiPiilf09iXsG 2xTTqQW2stoOhzo8Qw6cN3SL7avw61moJwcIlFYxZ4wMuAZbLVSUw2Dlnk0LN3UP 4LD5k5sEYzlt57rygNJsFkquwpr5eth3FvCm5WYGorvcEJzhgdTgnerpSD1DYd84 eZczcYXCnnjXKeeJT3TPIgDiNt3eSP5ixQni1+lpR3bGfZHmlr7MwhhttQMvL+o7 lFP+M19/osxkYs9jt69naDxQIo0tHomrVCtBhTPdC6EIUPGMv4sIjLSIcJKWMhfC tax66NcCWrgRn62v60IgY26nWg52ZLezcOZyqUrMfeEzzCT3lQ5vXd7/+23YU689 PKTpXw4eyOEg3wp7kjyS9Xd2xGjwzGzq5jjK4cVwTPCZMhnlQTef7WLoWLwSqHIi pUTDnZZsBZJJ5l8Xp5j2tAwFhUseih1zd0Iz32Jog2YdUFZ4gd280/whDs8Iu9SR ZeD0mpKw0vsBvG6/yDypbOmRCvrhjSgtixx5Z/yiswSP0WGZg2Y+GAl9LVByBY7K JzfXM799tz16MrKVinXPsIAfZTrr6nbrxYuyDwQ4X7iFdJZ6T3g= =RykD -----END PGP SIGNATURE-----