MGASA-2021-0108

Source
https://advisories.mageia.org/MGASA-2021-0108.html
Import Source
https://advisories.mageia.org/MGASA-2021-0108.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2021-0108
Published
2021-03-04T16:53:32Z
Modified
2021-03-04T15:56:47Z
Summary
Updated openssl and compat-openssl10 packages fix security vulnerabilities
Details

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23840).

Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23841).


Affected packages

Mageia:8 / openssl

Package

Name
openssl
Purl
pkg:rpm/mageia/openssl?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.1j-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / openssl

Package

Name
openssl
Purl
pkg:rpm/mageia/openssl?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.0l-1.3.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / compat-openssl10

Package

Name
compat-openssl10
Purl
pkg:rpm/mageia/compat-openssl10?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.2u-1.2.mga7

Ecosystem specific

{
    "section": "core"
}