| Package | openssl |
|---|---|
| Version | 1.1.1n-0+deb10u8 (buster) |
| Related CVEs | CVE-2024-13176 CVE-2025-9230 |

Two vulnerabilities were found in OpenSSL, a Secure Sockets Layer toolkit:

- CVE-2024-13176: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation.
- CVE-2025-9230: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.

For Debian 10 buster, these problems have been fixed in version 1.1.1n-0+deb10u8.

We recommend that you upgrade your openssl packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.