SUSE-SU-2016:1360-1
May 19, 2016 - 7:09 p.m.

Security update for openssl (important)

2016-05-19 19:09:52
lists.opensuse.org

EPSS: 0.898 (High), percentile 98.5%

This update for OpenSSL fixes the following security issues:

   * CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
   * CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
   * CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
   * CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
   * CVE-2016-0702: Side channel attack on modular exponentiation
     "CacheBleed" (bsc#968050)

Additionally, the following non-security issues have been fixed:

   * Fix buffer overrun in ASN1_parse. (bsc#976943)
   * Allow weak DH groups. (bsc#973223)

Security Issues:

   * CVE-2016-2105
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105>
   * CVE-2016-2106
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106>
   * CVE-2016-2108
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108>
   * CVE-2016-2109
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109>
   * CVE-2016-0702
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702>