Debian Security Advisory 5103-1

Debian Security Advisory 5103-1: Posted Mar 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5103-1 - Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL could be tricked into an infinite loop. This could result in denial of service via malformed certificates.; tags | advisory, denial of service; systems | linux, debian; advisories | CVE-2021-4160, CVE-2022-0778; SHA-256 | 7e8b206a447d884b492daca09525ab567463a9f49acb4d20581af37b4ca4a50c; Download | Favorite | View

Debian Security Advisory 5103-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5103-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 15, 2022                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2021-4160 CVE-2022-0778
Debian Bug     : 989604

Tavis Ormandy discovered that the BN_mod_sqrt() function of OpenSSL
could be tricked into an infinite loop. This could result in denial of
service via malformed certificates.

Additional details can be found in the upstream advisory:
https://www.openssl.org/news/secadv/20220315.txt

In addition this update corrects a carry propagation bug specific to
MIPS architectures.

For the oldstable distribution (buster), this problem has been fixed
in version 1.1.1d-0+deb10u8.

For the stable distribution (bullseye), this problem has been fixed in
version 1.1.1k-1+deb11u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIwxQtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0R2qw//c0GbzcbXlLfibf7Nki5CMJUdWqx1si8O2uQ1vKxgC07rCAx1Lrw0TtIl
Tq1vYRtSbvy8P4Qn3E6/lbSYTnM7JbkriZ1HS3Mw4VFlOBA8lWMif4KotrcMAoYE
IOQlhhTCkKZM8cL4YKDwN7XSy5LSdt/sw5rIi1ZpgVTEXQeKIDPa5WK6YyIGNG6k
h83TPYZp+8e3Fuoubb8RY5CUfFomdMHRazHcrCkjY+yvFTFdKbUza9RjUs44xu2Z
ZUTfIddR8D8mWfKOyvAVMw0A7/zjFW1IX0vC0RhHwjrulLgJbqWvcYQgEJy/wOKd
tWjVwGya7+Fxn6GFL0rHZP/OFq9mDwxyBDfDg/hD+TSnbxtyHIxUH4QoWdPPgJxP
ahln2TNfsnQsCopdn9dJ/XOrkC35R7Jp11kmX8MCTP6k8ob4mdQIACcRND/jcPgT
tOBoUBCrha98Qvdh6UAGegTxqOBaNhG52fpNjEegq/q7kxlugdOtbY1nZXvuHHI5
C9Gd6e4JqpRlMDuT7rC8qchXJM8VnhWdVdz95gkeQCA21+AGJ+CEvTpSRPY6qCrM
rUvS3HVrBFNLWNlsA68or3y8CfxjFbpXnSxflCmoBtmAp6z9TXm59Fu7N6Qqkpom
yV0hQAqqeFa9u3NZKoNrj/FGWYXZ+zMt+jifRLokuB0IhFUOJ70=
=SB84
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 60 files
Debian 19 files
Gentoo 8 files
Apple 5 files
Google Security Research 4 files
Jann Horn 3 files
Spencer McIntyre 3 files
LiquidWorm 3 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Debian Security Advisory 5103-1

Debian Security Advisory 5103-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5103-1

Share This

Debian Security Advisory 5103-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems