| Package | openssl |
|---|---|
| Version | 1.0.1t-1+deb8u14 |
| Related CVEs | CVE-2021-23840 CVE-2021-23841 |
It was discovered that there were two issues in the OpenSSL cryptographic system:
Prevent an issue where “Digital EnVeloPe” EVP-related calls could cause applications to behave incorrectly or even crash.
Prevent an issue in the X509 certificate parsing caused by the lack of error handling while ingesting the “issuer” field.
For Debian 8 Jessie, these problems have been fixed in version 1.0.1t-1+deb8u14.
We recommend that you upgrade your openssl packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/