| Package | openssl |
|---|---|
| Version | 1.0.1t-1+deb8u14 |
| Related CVEs | CVE-2021-23840 CVE-2021-23841 |
It was discovered that there were two issues in the OpenSSL cryptographic system:
-
Prevent an issue where “Digital EnVeloPe” EVP-related calls could cause applications to behave incorrectly or even crash.
-
Prevent an issue in the X509 certificate parsing caused by the lack of error handling while ingesting the “issuer” field.
For Debian 8 Jessie, these problems have been fixed in version 1.0.1t-1+deb8u14.
We recommend that you upgrade your openssl packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/