DSA-4065-1 openssl1.0 -- openssl1.0ID: oval:org.secpod.oval:def:603217 | Date: (C)2017-12-27 (M)2024-04-17 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read and SSL_write while being invoked in an error state, causing data to be passed without being decrypted or encrypted directly from the SSL/TLS record layer. CVE-2017-3738 It was discovered that OpenSSL contains an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20171207.txt
Product: |
libssl1.0-dev |
libssl1.0.2 |
libcrypto1.0.2-udeb |