• [SECURITY] [DSA 5417-1] openssl security update

    From Salvatore Bonaccorso@21:1/5 to All on Wed May 31 17:00:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5417-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    May 31, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : openssl
    CVE ID : CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-2650
    Debian Bug : 1034720

    Multiple vulnerabilities have been discovered in OpenSSL, a Secure
    Sockets Layer toolkit.

    CVE-2023-0464

    David Benjamin reported a flaw related to the verification of X.509
    certificate chains that include policy constraints, which may result
    in denial of service.

    CVE-2023-0465

    David Benjamin reported that invalid certificate policies in leaf
    certificates are silently ignored. A malicious CA could take
    advantage of this flaw to deliberately assert invalid certificate
    policies in order to circumvent policy checking on the certificate
    altogether.

    CVE-2023-0466

    David Benjamin discovered that the implementation of the
    X509_VERIFY_PARAM_add0_policy() function does not enable the check
    which allows certificates with invalid or incorrect policies to pass
    the certificate verification (contrary to its documentation).

    CVE-2023-2650

    It was discovered that processing malformed ASN.1 object identifiers
    or data may result in denial of service.

    For the stable distribution (bullseye), these problems have been fixed in version 1.1.1n-0+deb11u5.

    We recommend that you upgrade your openssl packages.

    For the detailed security status of openssl please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/openssl

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmR3XbdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Q57RAAnVKJS02ib/Uke98Kia//N7JAweY3jZ5IGluzGqms6di2Z9+1qW/qbjI+ tGq2HdEd/ujN1+8hLciZN9U12Otkrt+Z//TvIJDBNd12sAiK6w5efVlIhESOW8z+ nXxDBNsZv4ocqFcdWlXTaE1JQBd4MGULHsrItoczMwL1iiHfuvOxS7XqrttfGK2K WlnE3/uzmKJup77u4OnHxicTEaUGesV8fvv2uoI+gxkiQPZbEDLBINClDlhSgAae vMhrZrYLwS6vNZOG4fvDheHkd+3jO1YCv+742YeZbEfa6o3RXYGvLzSRNo5MhR/K N2/pxTHsRFaPlAxjys1UNGsZsIK7eZR0jyVRrF3PkbMgI4SVEyoqsI19i+viGoHY Ih6YkrSFxmQfK+1XDXS4RFOgVN900h4D/V/13udiswHShaFVsf4wu9SagmJtzR7X TzsphwZAbvxcqhaKdURgHoXaokMRxlO7vFijB1//Q+/uJJrkpLb+XTkN+SnujCSA 48tAs3vnv9fki14+B6IQ9Tyg/Obhxk+z5Xb3W6H6xO1IfdmCibBvF77O8Q8uKIhD p3yhZeZY0VanKJMxquC3Yi0Ja6wbcJuww33/9/pqpTEdaoOnxb/wXNU0x2wIRBUL 7IzNcmgVpQ1P3UhM58WZGOUS/0+IAtGfuEzZJiuWWKyV3hFvIEs=
    =XKMH
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)