|
|
Log in / Subscribe / Register

Debian alert DSA-6201-1 (openssl)



From:
              Salvatore Bonaccorso <carnil@debian.org>


To:
              debian-security-announce@lists.debian.org


Subject:
              [SECURITY] [DSA 6201-1] openssl security update


Date:
              Tue, 07 Apr 2026 21:17:30 +0000


Message-ID:
              <E1wADne-0000000HAB9-2MLJ@seger.debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6201-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 07, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2026-2673 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389
                 CVE-2026-28390 CVE-2026-31789 CVE-2026-31790
Debian Bug     : 1130650

Multiple vulnerabilities have been discovered in OpenSSL, a Secure
Sockets Layer toolkit, which may result in denial of service,
information leaks, or potentially remote code execution.

Additional details can be found in the upstream advisory:
https://openssl-library.org/news/secadv/20260407.txt

For the oldstable distribution (bookworm), these problems have been fixed
in version 3.0.19-1~deb12u2.

For the stable distribution (trixie), these problems have been fixed in
version 3.5.5-1~deb13u2.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmnVc55fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T6GQ/8DBNrkwrsgUXbuLU/kb16IdpGoeuTwQMV3ZLSAZaHWvY0b2b1ru7c8KVh
ygYtgDzQ5sXtk55Fj4DE2piGiFGaVNdGsJfb+Ip3FS0dWxNeMdwV0dQyB46trIrg
Zt9Kw0TfICARGoFAihU/C4enIPeV/FLycsu2bbhkudQv0CEMa+Sb6FfLWi/vECq9
quhtP1zSc3luvmL8hQM7zDOAbWhKNdo4LMpoa+KQYvtQw/6JtGb1l52KmOLeHGq0
K9W1ekkrv4iH8AaMuTB0lRNjdYVdsYZ/kKTkrlsUwcf/5EH3b/gkufvr5gf8M+nB
QKkw5mey4vO2Hu8V5hGLj2UDk8ovW2XN29e0/Wr4NkIInDGKY4gU5ikU92ynAMF5
A1R7aHx18XjeI7ojc6f7C7qKIFTDIwJT9NZa4hvdNgEaPHQpbOMtL5YBiabrRz2V
FDIUgxrq/Jnkanz1lQwFN+TNeCwT54RJIXsxspzJuCN4nWmZW2fx4yq8fY8HBuDH
0lzo4tRWf/iSs0kFTfwbQ01Edjhvqczou/EO+N5Y2CpZUVraN//sjGUTIuIb/e5K
D4s9ROCdKZG4zGKviOiJ1+lW/GwMP8doZCisq7SzHCBfng5hninQUdajPnVYXzQ+
lxYhkhhuoeWvhCob46CwnXXv4Fmz0Oju2zhIHp2lZn8f6Xb8yiA=
=aRAe
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds