Lucene search

K
oraclelinuxOracleLinuxELSA-2016-1137
HistoryMay 31, 2016 - 12:00 a.m.

openssl security update

2016-05-3100:00:00
linux.oracle.com
53

0.898 High

EPSS

Percentile

98.5%

[0.9.8e-40.0.1]

  • To disable SSLv2 client connections create the file
    /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934]
  • Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893]
  • fix CVE-2014-3570 - Bignum squaring may produce incorrect results
  • fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
  • fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]
    [0.9.8e-40]
  • fix CVE-2016-2108 - memory corruption in ASN.1 encoder