-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2761-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler September 18, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : openssl1.0 Version : 1.0.2u-1~deb9u5 The legacy 1.0 version of OpenSSL, a cryptography library for secure communication, fails to validate alternate trust chains in some conditions. In particular this breaks connecting to servers that use Let's Encrypt certificates, starting 2021-10-01. For Debian 9 stretch, this problem has been fixed in version 1.0.2u-1~deb9u5. We recommend that you upgrade your openssl1.0 packages. For the detailed security status of openssl1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl1.0 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmFGSP4ACgkQDTl9HeUl XjDQ9w/+P6sAu8lNd1sQOSBxUKal13AwSyvgX1X1ENtY5ebD/Vrc8O+diOYHjBwG L27NgYk6RRlrLFom7ZgI3BtPzXCvOnLfDqP1/1kTMvHh1iUvG3nw5N0muih7aW8Q cZDmWj2BlC0yse0HmFPDEbEeptzYrasvj+s7vcqytpXp+F6KtIUbZcbmFccSQAy0 8biWsUtqbIRJF8fpf+WJnJzm0RpXYUYwzINyM/zdErBSUS9UgKnaHNJbULADk0lL VcDhi85xKd3bKKe/aFcFCtjZgEv1iFVCu3VxoyT62PHeZwLo91Pyq5Isu7/X9xpn toIF4y6yUXiFYFUL6VVNnMsHpWKZuUE9DJ7BAskGB54vw5QEUSO2jZHXPAsQf+2o YDd+ya1mtK5NdtfFRAjxffBJ8cSQmp+6IWzok3JTuuUqvqxCGCUtWM9zVd+MMC3+ H3cNRexpHwNtXkJ8R1DFCwXAF6xmY7d1pdP47E2hpLmyGVP25GFZPKNXOaMg5l/G YKmY2mssT7Fk6e/YyyK7xcuccsdYG7v/TP08oQ2byML25blAuBNxxwpYMNgqZ89B PoMkgakBNLmPDTYxtG2Zpupu+F3lGurOss4asLw2C2xcbH9DpKOGiO+kFyHxDj8R Ve9RoXVDNbI/JzxJMBskhypj20ck16Djb+FUk1vYVqTN0iN7NfA= =xweA -----END PGP SIGNATURE-----
