Ops One AG platform status and maintenance announcements. Times are indicated in local Swiss time. http://opsone.ch/.

Thursday 18th February 2021

Managed Server Version 7: Security Update openssl, scheduled 1 week ago

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash() were found, which could result in denial of service.

Additional details can be found in the upstream advisories

  • https://www.openssl.org/news/secadv/20191206.txt and
  • https://www.openssl.org/news/secadv/20210216.txt .

We will update the following packages to the latest version:

  • libssl-dev/stable 1.1.1d-0+deb10u5 amd64 [upgradable from: 1.1.1d-0+deb10u4]
  • libssl1.1/stable 1.1.1d-0+deb10u5 amd64 [upgradable from: 1.1.1d-0+deb10u4]
  • openssl/stable 1.1.1d-0+deb10u5 amd64 [upgradable from: 1.1.1d-0+deb10u4]

Start maintenance window: 18/02/2021 13:00 CET
Stop maintenance window: 18/02/2021 14:00 CET