DSA-5417-1 openssl -- openssl
ID: oval:org.secpod.oval:def:93352 | Date: (C)2023-09-27 (M)2024-01-29 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

CVE-2023-0464: David Benjamin reported a flaw related to the verification of X.509 certificate chains that include policy constraints, which may result in denial of service.

CVE-2023-0465: David Benjamin reported that invalid certificate policies in leaf certificates are silently ignored. A malicious CA could take advantage of this flaw to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether.

CVE-2023-0466: David Benjamin discovered that the implementation of the X509_VERIFY_PARAM_add0_policy function does not enable the check, so certificates with invalid or incorrect policies can pass certificate verification.

CVE-2023-2650: It was discovered that processing malformed ASN.1 object identifiers or data may result in denial of service.
Product: |
libcrypto1.1-udeb |
libssl1.1 |
libssl-dev |
openssl |
libssl-doc |