-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4855-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 17, 2021                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2019-1551 CVE-2021-23840 CVE-2021-23841
Debian Bug     : 947949

Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring
procedure, an integer overflow in CipherUpdate and a NULL pointer
dereference flaw X509_issuer_and_serial_hash() were found, which could
result in denial of service.

Additional details can be found in the upstream advisories
https://www.openssl.org/news/secadv/20191206.txt and
https://www.openssl.org/news/secadv/20210216.txt .

For the stable distribution (buster), these problems have been fixed in
version 1.1.1d-0+deb10u5.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAtHDpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SYCg/9HRfTx/x8jaG8pn8kcPmUiSs+WkMBXmQeg97Gf6NLeflYczwtZ9MGWAAj
J9R72BqppoSGaI4MPgUQPRDRHclktJOxBkICyiYL35G18x0iFz352rfHegq9rzVe
VxJAXh3Xo6hA/SX046rjh+gJU63fgiE4Wy9T1D9y9A582FHfqhNFpEbWyzA871hG
nDFabpyvRltEC/XXu5pejqU9cguc4wF6pVjMffF1ikV6srAFPFO14v5aYYTWHEe1
D5cOUe6ckFIJBHYO4NEldlfRN1OVUZUMERQwjkfJ6RnwOxzN9dAdnhle+nqgeC7P
GwyVHTNIIhNOpjo24j0d13npJqdBvpXygG8TVDzRGm70SgMsizIm/b8ID9yzQjXH
45ziZZKLnLDDE55v62bUZ7KOe3DZYp/dElZ6mt/xKikC10GEOv1exsaB12s4LlDx
+7VF2U3nAer//G2LkGAPkbNAT1RC1uibnivyed3uHpUwFewE0fsdaoHtwFPPYDNp
Y7dyMI+SpAF1/6PW7kBqgHtyp9GAp2fcldV1uLmr9FKoBASvemkReHH1/eDzPqaA
xKzJ67vi9vX3IKtEz+T/EftZ5VDb/JW/f5EPsLNKjQJomRaQRr9EnYMVFCERVwvk
IMCzTgoed90pMSWyfO7BkywXMk4t14IeV9PhGVTfCrdpr4c2QC4=
=hM2Z
-----END PGP SIGNATURE-----