
Fedora alert FEDORA-2016-97454404fe (openssl)

From:  updates@fedoraproject.org
To:  package-announce@lists.fedoraproject.org
Subject:  [SECURITY] Fedora 23 Update: openssl-1.0.2j-1.fc23
Date:  Tue, 11 Oct 2016 23:24:05 +0000 (UTC)
Message-ID:  <20161011232405.D917260C7478@bastion01.phx2.fedoraproject.org>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-97454404fe
2016-10-11 15:41:14.519190
--------------------------------------------------------------------------------

Name        : openssl
Product     : Fedora 23
Version     : 1.0.2j
Release     : 1.fc23
URL         : http://www.openssl.org/
Summary     : Utilities from the general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Update from upstream with multiple security issues fixed.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
        https://bugzilla.redhat.com/show_bug.cgi?id=1377600
  [ 2 ] Bug #1377594 - CVE-2016-6306 openssl: certificate message OOB reads
        https://bugzilla.redhat.com/show_bug.cgi?id=1377594
  [ 3 ] Bug #1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks
        https://bugzilla.redhat.com/show_bug.cgi?id=1369855
  [ 4 ] Bug #1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1369504
  [ 5 ] Bug #1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection
        https://bugzilla.redhat.com/show_bug.cgi?id=1369113
  [ 6 ] Bug #1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()
        https://bugzilla.redhat.com/show_bug.cgi?id=1367340
  [ 7 ] Bug #1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()
        https://bugzilla.redhat.com/show_bug.cgi?id=1359615
  [ 8 ] Bug #1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation
        https://bugzilla.redhat.com/show_bug.cgi?id=1343400
  [ 9 ] Bug #1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase
        https://bugzilla.redhat.com/show_bug.cgi?id=1341705
  [ 10 ] Bug #1379310 - CVE-2016-7052 openssl: Missing CRL sanity check
        https://bugzilla.redhat.com/show_bug.cgi?id=1379310
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update openssl' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

