This update for OpenSSL fixes the following security issues:
* CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
* CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
* CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
* CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
* CVE-2016-0702: Side channel attack on modular exponentiation
"CacheBleed" (bsc#968050)
Additionally, the following non-security issues have been fixed:
* Fix buffer overrun in ASN1_parse. (bsc#976943)
* Allow weak DH groups. (bsc#973223)
Security Issues:
* CVE-2016-2105
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105</a>>
* CVE-2016-2106
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106</a>>
* CVE-2016-2108
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108</a>>
* CVE-2016-2109
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109</a>>
* CVE-2016-0702
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702</a>>