DSA-4157-1 openssl -- opensslID: oval:org.secpod.oval:def:603338 | Date: (C)2018-03-30 (M)2024-04-17 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. CVE-2018-0739 It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
openssl |
libcrypto1.1-udeb |
libssl1.1 |
libssl-dev |
libssl-doc |