OpenSSL Multiple Denial of Service Vulnerabilities
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openssl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Multiple vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service).
1
An error related to the "X509_issuer_
2
An integer overflow error related to CipherUpdate calls can be exploited to cause a crash.
The vulnerabilities are reported in versions prior to 1.1.1j and prior to 1.0.2y.
Affected Software
The following software is affected by the described vulnerability. Please check the vendor links below to see if exactly your version is affected.
OpenSSL 1.x
Solution
Update to version 1.1.1j or 1.0.2y.
References
1. https:/
2. https:/
3. https:/
Please provide an update.
CVE References
| Seth Arnold (seth-arnold) wrote | #1 |
| information type: | Private Security → Public Security |
| Marc Deslauriers (mdeslaur) wrote | #2 |
| Changed in openssl (Ubuntu): | |
| status: | New → Fix Released |
Hello, there are untested packages in https:/
Thanks