| Package | openssl |
|---|---|
| Version | 1.0.1t-1+deb8u13 |
| Related CVEs | CVE-2018-0734 CVE-2020-1971 |
Two security vulnerabilities were found in OpenSSL, the Secure Sockets Layer toolkit.
CVE-2018-0734
A minor timing side channel attack was found in the OpenSSL DSA
signature algorithm. The fix for that introduced a more severe
regression that could also be exploited as a timing side channel
attack. This update fixes both the original problem and the
subsequent issue.
CVE-2020-1971
David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function
which could cause a NULL dereference, resulting in denial of service.
For Debian 8 jessie, these problems have been fixed in version 1.0.1t-1+deb8u13.
We recommend that you upgrade your openssl packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.