DSA-4855-1 openssl -- opensslID: oval:org.secpod.oval:def:69873 | Date: (C)2021-03-05 (M)2023-12-20 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash were found, which could result in denial of service. Additional details can be found in the upstream advisories https://www.openssl.org/news/secadv/20191206.txt and https://www.openssl.org/news/secadv/20210216.txt .