Errata overview
Errata ID 65
Date 2018-05-16
Source package openssl1.0
Fixed in version 1.0.2l-2+deb9u3
This update addresses the following issue:
* Constructed ASN.1 types with a recursive definition (such as can be found
  in PKCS7) could eventually exceed the stack given malicious input with
  excessive recursion. This could result in a Denial Of Service attack. There
  are no such structures used within SSL/TLS that come from untrusted sources
  so this is considered safe. (CVE-2018-0739)
Additional notes
CVE ID CVE-2018-0739
UCS Bug number #46776