Thursday 18 February 2021
The impact of this issue announcement is medium. Please act accordingly to rectify the issue, as stated below.
OpenSSL versions 1.1.1i and below, versions 1.0.2x and below.
What you need to know:
The OpenSSL Project addressed three vulnerabilities, including two Denial-of-Service (DoS) triggers (CVE-2021-23841 and CVE-2021-23840), and an issue in the SSLv2 rollback protection (CVE-2021-23839).
Actions to be taken:
Users are encouraged to upgrade to version 1.1.j and 1.0.2y.