Multiple issues in OpenSSL
ID: FEDORA-2016-a555159613
Distribution: Fedora
Platforms: Fedora 24
Date: Wed, 28 September 2016, 07:42
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179
Applications: OpenSSL
Original message:
Name        : openssl
Product     : Fedora 24
Version     : 1.0.2j
Release     : 1.fc24
URL         : http://www.openssl.org/
Summary     : Utilities from the general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Update from upstream with multiple security issues fixed.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth
        https://bugzilla.redhat.com/show_bug.cgi?id=1377600
  [ 2 ] Bug #1377594 - CVE-2016-6306 openssl: certificate message OOB reads
        https://bugzilla.redhat.com/show_bug.cgi?id=1377594
  [ 3 ] Bug #1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks
        https://bugzilla.redhat.com/show_bug.cgi?id=1369855
  [ 4 ] Bug #1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1369504
  [ 5 ] Bug #1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection
        https://bugzilla.redhat.com/show_bug.cgi?id=1369113
  [ 6 ] Bug #1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()
        https://bugzilla.redhat.com/show_bug.cgi?id=1367340
  [ 7 ] Bug #1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()
        https://bugzilla.redhat.com/show_bug.cgi?id=1359615
  [ 8 ] Bug #1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation
        https://bugzilla.redhat.com/show_bug.cgi?id=1343400
  [ 9 ] Bug #1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase
        https://bugzilla.redhat.com/show_bug.cgi?id=1341705
  [ 10 ] Bug #1379310 - CVE-2016-7052 openssl: Missing CRL sanity check
        https://bugzilla.redhat.com/show_bug.cgi?id=1379310
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update openssl' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org