DSA-4017-1 openssl1.0 -- openssl1.0ID: oval:org.secpod.oval:def:603154 | Date: (C)2017-12-04 (M)2024-04-17 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily extension in an X.509 certificate. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20170828.txt CVE-2017-3736 It was discovered that OpenSSL contains a carry propagation bug in the x86_64 Montgomery squaring procedure. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171102.txt
Product: |
libssl1.0-dev |
libssl1.0.2 |
libcrypto1.0.2-udeb |