Updated openssl and compat-openssl10 packages fix security vulnerabilities
Publication date: 04 Mar 2021
Modification date: 04 Mar 2021
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-23840, CVE-2021-23841
Description
Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23840). Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23841).
References
SRPMS
7/core
- openssl-1.1.0l-1.3.mga7
- compat-openssl10-1.0.2u-1.2.mga7
8/core
- openssl-1.1.1j-1.mga8
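
To check a host inventory against the fixed builds listed above, the following added example (not part of the original advisory or of Mageia's tooling) compares installed version-release pairs with rpm-style segment ordering. It assumes input lines in the form produced by `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n'`, ignores epochs and the `~`/`^` operators, and runs on a constructed sample inventory.

```python
import re

# Fixed builds copied from the advisory's SRPMS list:
# (Mageia release, package) -> (version, release)
FIXED = {
    ("7", "openssl"): ("1.1.0l", "1.3.mga7"),
    ("7", "compat-openssl10"): ("1.0.2u", "1.2.mga7"),
    ("8", "openssl"): ("1.1.1j", "1.mga8"),
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does.
    Simplification (assumption): no epoch, '~' or '^' handling."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments are newer

def is_patched(mageia, name, version, release):
    """True if the build is at or above the fixed one; None if the advisory lists none."""
    fixed = FIXED.get((mageia, name))
    if fixed is None:
        return None
    return (rpmvercmp(version, fixed[0]) or rpmvercmp(release, fixed[1])) >= 0

def audit(inventory):
    """inventory: (mageia_release, 'NAME VERSION RELEASE') pairs -> result tuples."""
    results = []
    for mageia, line in inventory:
        name, version, release = line.split()
        patched = is_patched(mageia, name, version, release)
        results.append((mageia, name, f"{version}-{release}", patched))
    return results

# Constructed sample inventory, not real host data.
SAMPLE = [
    ("7", "openssl 1.1.0l 1.2.mga7"),           # same version, older release
    ("7", "compat-openssl10 1.0.2u 1.2.mga7"),  # exactly the fixed build
    ("8", "openssl 1.1.1i 1.mga8"),             # older version
    ("8", "openssl 1.1.1j 1.mga8"),             # exactly the fixed build
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```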