Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x86_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw in X509_issuer_and_serial_hash() were found, which could result in denial of service.
Additional details can be found in the upstream advisories:
- https://www.openssl.org/news/secadv/20191206.txt
- https://www.openssl.org/news/secadv/20210216.txt
We will update the following packages to the latest version:
- libssl-dev/stable 1.1.1d-0+deb10u5 amd64 [upgradable from: 1.1.1d-0+deb10u4]
- libssl1.1/stable 1.1.1d-0+deb10u5 amd64 [upgradable from: 1.1.1d-0+deb10u4]
- openssl/stable 1.1.1d-0+deb10u5 amd64 [upgradable from: 1.1.1d-0+deb10u4]
Start maintenance window: 18/02/2021 13:00 CET
Stop maintenance window: 18/02/2021 14:00 CET