Lucene search

K
suseSuseOPENSUSE-SU-2016:1238-1
HistoryMay 05, 2016 - 1:08 p.m.

Security update for openssl (important)

2016-05-0513:08:31
lists.opensuse.org
29

EPSS

0.969

Percentile

99.7%

This update for openssl fixes the following issues:

  • CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617)
  • CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616)
  • CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614)
  • CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615)
  • CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942)
  • boo#976943: Buffer overrun in ASN1_parse
  • boo#977621: Preserve digests for SNI
  • boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode