Overview

File _patchinfo of Package patchinfo.18804

<patchinfo incident="18804">
  <issue tracker="cve" id="2021-3449"/>
  <issue tracker="bnc" id="1183852">CVE-2021-3449: openssl-1_1: NULL pointer deref in signature_algorithms processing</issue>
  <packager>jsikes</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for openssl-1_1</summary>
  <description>This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
  renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
  ClientHello omits the signature_algorithms extension but includes a
  signature_algorithms_cert extension, then a NULL pointer dereference will
  result, leading to a crash and a denial of service attack. OpenSSL TLS
  clients are not impacted by this issue. [bsc#1183852]
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places