MGASA-2021-0108

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2021-23840 CVE-2021-23841

Published: 04 Mar 2021, 16:53

Last modified:16 Apr 2026, 04:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

04 Mar 2021, 16:53

Published

Vulnerability first disclosed

16 Apr 2026, 04:25

Last Modified

Vulnerability information updated

Description

Updated openssl and compat-openssl10 packages fix security vulnerabilities Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23840). Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service (CVE-2021-23841).

Affected Systems

mageia•compat-openssl10
< 1.0.2u-1.2.mga7
mageia•openssl
< 1.1.0l-1.3.mga7
mageia•openssl
< 1.1.1j-1.mga8

MGASA-2021-0108

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)