[CLSA-2023:1693419971] Fix CVE(s): CVE-2023-3817

Type:

security

Severity:

Moderate

Release date:

2023-08-30 18:26:15 UTC

Description:

   * SECURITY UPDATE: Checking excessively long DH keys or parameters may be
     very slow. Where the key or parameters that are being checked have been
     obtained from an untrusted source this may lead to a Denial of Service.
     - debian/patches/CVE-2023-3817.patch: Add a prior check and process only
       a correct DH keys
     - CVE-2023-3817

Updated packages:

libssl-dev_1.1.1-1ubuntu2.1~18.04.23+tuxcare.els1_amd64.deb
sha:d47356452b316c4d33ac48b74ce77c087ee3c613
libssl-doc_1.1.1-1ubuntu2.1~18.04.23+tuxcare.els1_all.deb
sha:d52ffae46ce9fd532af58bfb26b541b828f16502
libssl1.1_1.1.1-1ubuntu2.1~18.04.23+tuxcare.els1_amd64.deb
sha:fbad93fb6260619305f2dbeeca6c9e92b6e7e785
openssl_1.1.1-1ubuntu2.1~18.04.23+tuxcare.els1_amd64.deb
sha:578887cb58e31a4d0d96fb4b5d635a4e69fce571

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.