Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiat...

ELSA-2024-7848: openssl security update (LOW)

ELSA-2024-12786: openssl security update (IMPORTANT)

Security update for openssl-1_1

ELSA-2024-9333: openssl and openssl-fips-provider security update (LOW)

ELSA-2025-1673: mysql:8.0 security update (IMPORTANT)

ELSA-2025-1671: mysql security update (IMPORTANT)