OpenWrt ProjectOPENWRT-SA-000007

HistoryJan 28, 2016 - 8:32 p.m.

openssl: Security update (2 CVEs)

2016-01-2820:32:02

OpenWrt Project

lists.openwrt.org

798

0.119 Low

EPSS

Percentile

94.8%

JSON

The openssl package has been rebuilt and was uploaded to the Chaos
Calmer 15.05 repository due to multiple security issues.

VERSION

1.0.2e-1 => 1.0.2f-1

CHANGELOG

[Thu, 28 Jan 2016 18:26:18 +0000 87e9837]

Update to 1.0.2f (fixes CVE-2016-0701, CVE-2015-3197)

CHANGES

package/libs/openssl/Makefile | 4 +±-
…/openssl/patches/110-optimize-for-size.patch | 2 ±
…/libs/openssl/patches/150-no_engines.patch | 2 ±
…/openssl/patches/160-disable_doc_tests.patch | 14 ++++++±------
…/patches/190-remove_timestamp_check.patch | 4 +±-
…/openssl/patches/200-parallel_build.patch | 14 ++++++±------
6 files changed, 20 insertions(+), 20 deletions(-)

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0701

git.openwrt.org/?p=15.05/openwrt.git;a=commit;h=87e9837a818a71f39c445ee33569279bd78451de

ibm 59

nodejsblog 2

altlinux 4

openwrt 1

nessus 37

freebsd 4

fedora 1

thn 1

cert 1

openvas 32

mageia 1

cisco 1

symantec 1

archlinux 4

f5 5

hackerone 2

veracode 3

intothesymmetry 3

debiancve 3

freebsd_advisory 2

prion 4

slackware 1

openssl 4

ubuntucve 3

fortinet 1

ubuntu 1

cve 4

osv 2

debian 1

gentoo 1

redhat 5

aix 1

redhatcve 1

seebug 1

kaspersky 1

centos 1

ibm

Security Bulletin: OpenSSL 1.0.2 and 1.0.1 vulnerabilities (CVE-2016-0701 and CVE-2015-3197)

2018-12-08 04:55:34

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool. (CVE-2016-0701, CVE-2015-3197)

2018-06-15 07:05:52

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Application Developer for WebSphere Software (CVE-2016-0701, CVE-2015-3197)

2020-02-05 00:09:48

nodejsblog

OpenSSL upgrade low-severity Node.js security fixes

2016-01-27 00:00:00

February 2016 Security Release Summary

2016-02-09 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.1r-alt0.M70P.1

2016-01-28 00:00:00

Security fix for the ALT Linux 8 package openssl10 version 1.0.2f-alt1

2016-01-28 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2f-alt1

2016-01-28 00:00:00

openwrt

openssl: Security update (2 CVEs)

2016-01-29 15:48:20

nessus

Fedora 23 : openssl-1.0.2f-1.fc23 (2016-527018d2ff)

2016-03-04 00:00:00

FreeBSD : openssl -- multiple vulnerabilities (3679fd10-c5d1-11e5-b85f-0018fe623f2b)

2016-01-29 00:00:00

OpenSSL 1.0.2 < 1.0.2f Multiple Vulnerabilities (Logjam)

2016-02-02 00:00:00

freebsd

openssl -- multiple vulnerabilities

2016-01-22 00:00:00

OpenSSL -- BN_mod_exp incorrect results on MIPS

2022-01-28 00:00:00

OpenSSL -- multiple vulnerabilities

2017-12-07 00:00:00

fedora

[SECURITY] Fedora 23 Update: openssl-1.0.2f-1.fc23

2016-01-30 18:23:36

thn

Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic

2016-01-28 22:01:00

cert

OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol

2016-01-28 00:00:00

openvas

HPE Network Products Remote Unauthorized Disclosure of Information Vulnerability

2017-02-20 00:00:00

Gentoo Security Advisory GLSA 201601-05

2016-02-01 00:00:00

Mageia: Security Advisory (MGASA-2016-0056)

2016-02-11 00:00:00

mageia

Updated openssl packages fix security vulnerabilities

2016-02-09 16:05:25

cisco

Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products

2016-01-29 16:00:00

symantec

SA111 : OpenSSL Vulnerabilities 28-Jan-2016

2016-02-18 08:00:00

archlinux

openssl: man-in-the-middle

2016-01-29 00:00:00

lib32-openssl: man-in-the-middle

2016-01-29 00:00:00

[ASA-201804-6] lib32-openssl: private key recovery

2018-04-15 00:00:00

SOL33209124 - OpenSSL vulnerability CVE-2015-3197

2016-01-28 00:00:00

SOL64009378 - OpenSSL vulnerability CVE-2016-0701

2016-01-28 00:00:00

K33209124 : OpenSSL vulnerability CVE-2015-3197

2016-01-29 00:00:00

hackerone

Internet Bug Bounty: SSLv2 doesn't block disabled ciphers (CVE-2015-3197)

2016-09-07 17:41:26

Internet Bug Bounty: OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

2016-01-28 16:56:21

veracode

Unsafe Number Generation

2017-02-06 03:20:38

Cipher Bypass

2017-02-10 00:52:27

Cipher Bypass

2019-01-15 09:10:14

intothesymmetry

The Curious Case of WebCrypto Diffie-Hellman on Firefox - Small Subgroups Key Recovery Attack on DH

2020-01-07 15:08:00

The RFC 5114 saga

2016-10-20 12:16:00

OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

2016-01-29 05:19:00

debiancve

CVE-2015-3197

2016-02-15 02:59:00

CVE-2016-0701

2016-02-15 02:59:00

CVE-2021-4160

2022-01-28 22:15:00

freebsd_advisory

FreeBSD-SA-16:11.openssl

2016-01-30 00:00:00

FreeBSD-SA-17:12.openssl

2017-12-09 00:00:00

prion

Design/Logic Flaw

2016-02-15 02:59:00

Design/Logic Flaw

2016-02-15 02:59:00

Design/Logic Flaw

2016-01-29 11:59:00

slackware

[slackware-security] openssl

2016-02-04 00:06:23

openssl

Vulnerability in OpenSSL CVE-2015-3197

2016-01-28 00:00:00

Vulnerability in OpenSSL CVE-2016-0701

2016-01-28 00:00:00

Vulnerability in OpenSSL CVE-2021-4160

2022-01-28 00:00:00

ubuntucve

CVE-2016-0701

2016-01-28 00:00:00

CVE-2015-3197

2016-01-28 00:00:00

CVE-2021-4160

2022-01-28 00:00:00

fortinet

OpenSSL Advisory - January 2016

2016-07-12 00:00:00

ubuntu

OpenSSL vulnerability

2016-01-28 00:00:00

cve

CVE-2016-0701

2016-02-15 02:59:00

CVE-2015-3197

2016-02-15 02:59:00

CVE-2021-4160

2022-01-28 22:15:00

osv

openssl - security update

2016-02-20 00:00:00

CVE-2021-4160

2022-01-28 22:15:15

debian

[SECURITY] [DLA 421-1] openssl security update

2016-02-20 12:34:52

gentoo

OpenSSL: Multiple vulnerabilities

2016-01-29 00:00:00

redhat

(RHSA-2016:0305) Important: openssl security update

2016-03-01 00:00:00

(RHSA-2016:0302) Important: openssl security update

2016-03-01 00:00:00

(RHSA-2016:0446) Important: Red Hat JBoss Web Server 3.0.2 OpenSSL Security Update

2016-03-14 19:56:43

aix

Vulnerabilities in OpenSSL affect AIX

2016-03-02 08:43:07

redhatcve

CVE-2021-4160

2022-01-31 17:57:31

seebug

Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

2016-03-02 00:00:00

kaspersky

KLA10798 Multiple vulnerabilities at Oracle VM VirtualBox

2016-04-19 00:00:00

centos

openssl security update

2016-03-01 16:57:33

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

openssl: Security update (2 CVEs)

References

Related