Debian 9812 Published by

An openssl security update has been released for Debian GNU/Linux 10 LTS to address two vulnerabilities.

[SECURITY] [DLA 3530-1] openssl security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3530-1 Anton Gladky
August 15, 2023
- -------------------------------------------------------------------------

Package : openssl
Version : 1.1.1n-0+deb10u6
CVE ID : CVE-2023-3446 CVE-2023-3817

Two vunerabilities were discovered in openssl, a Secure Sockets Layer toolkit:

CVE-2023-3446, CVE-2023-3817

Excessively long DH key or parameter checks can cause significant delays
in applications using DH_check(), DH_check_ex(), or EVP_PKEY_param_check()
functions, potentially leading to Denial of Service attacks when keys or
parameters are obtained from untrusted sources.

For Debian 10 buster, these problems have been fixed in version

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: