Wednesday 09 December 2020
The impact of this issue is high. Please act as stated below to rectify it.
All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked.
What you need to know:
OpenSSL has released a security update to address the EDIPARTYNAME NULL pointer dereference vulnerability, which affects all versions of 1.0.2 and 1.1.1 released before 1.1.1i. When exploited, CVE-2020-1971 could cause a denial of service.
Actions to be taken:
OpenSSL 1.1.1 users should upgrade to 1.1.1i.
OpenSSL 1.0.2 is out of support and no longer receives public updates. Premium support customers of OpenSSL 1.0.2 are advised to upgrade to 1.0.2x.
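
To apply the version guidance above across hosts, the following added example (not part of the OpenSSL advisory) classifies an OpenSSL version string against the fixed releases 1.1.1i and 1.0.2x. The function names check_version and suffix_lt are hypothetical, and the sketch assumes the letter-suffix ordering used by these branches (no letter, then a to z, then za, zb, and so on).

```shell
#!/bin/sh
# Added example: classify an OpenSSL version against the CVE-2020-1971 fix levels.
# check_version exit status: 0 = affected, 1 = fixed, 2 = branch not covered here.

# True if letter suffix $1 sorts before $2 ("" < a < ... < z < za < zb ...).
suffix_lt() {
    [ "$1" = "$2" ] && return 1
    if [ "${#1}" -ne "${#2}" ]; then
        [ "${#1}" -lt "${#2}" ]        # shorter suffix is the older release
        return
    fi
    first=$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort | head -n 1)
    [ "$first" = "$1" ]
}

check_version() {
    v=${1%%-*}                         # drop tags such as "-fips" or "-pre8"
    case $v in
        1.1.1*) suffix=${v#1.1.1}; fixed=i ;;   # fixed in 1.1.1i
        1.0.2*) suffix=${v#1.0.2}; fixed=x ;;   # fixed in 1.0.2x
        *) return 2 ;;                 # other branches were not checked
    esac
    case $suffix in
        *[!a-z]*) return 2 ;;          # not a letter release of these branches
    esac
    if suffix_lt "$suffix" "$fixed"; then return 0; fi
    return 1
}

# Report on the local binary when one is on PATH.
if command -v openssl >/dev/null 2>&1; then
    local_ver=$(openssl version | awk '{print $2}')
    if check_version "$local_ver"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "$local_ver: affected by CVE-2020-1971, upgrade required" ;;
        1) echo "$local_ver: at or past the fixed release" ;;
        *) echo "$local_ver: branch not covered by this advisory" ;;
    esac
fi
```

Distribution packages often backport fixes without changing the upstream version letter, so an "affected" result on a vendor build should be confirmed against the vendor's own advisory.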