Name        : openssl
Product     : Fedora 24
Version     : 1.0.2j
Release     : 1.fc24
URL         : http://www.openssl.org/
Summary     : Utilities from the general purpose cryptography library with TLS
 implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

-------------------------------------------------------------------------------
-
Update Information:

Update from upstream with multiple security issues fixed.
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1377600 - CVE-2016-6304 openssl: OCSP Status Request extension
 unbounded memory growth
        https://bugzilla.redhat.com/show_bug.cgi?id=1377600
  [ 2 ] Bug #1377594 - CVE-2016-6306 openssl: certificate message OOB reads
        https://bugzilla.redhat.com/show_bug.cgi?id=1377594
  [ 3 ] Bug #1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket
 HMAC length checks
        https://bugzilla.redhat.com/show_bug.cgi?id=1369855
  [ 4 ] Bug #1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when
 messages are not removed from fragment buffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1369504
  [ 5 ] Bug #1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass
 allows DoS against DTLS connection
        https://bugzilla.redhat.com/show_bug.cgi?id=1369113
  [ 6 ] Bug #1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by
 unchecked errors in BN_bn2dec()
        https://bugzilla.redhat.com/show_bug.cgi?id=1367340
  [ 7 ] Bug #1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()
        https://bugzilla.redhat.com/show_bug.cgi?id=1359615
  [ 8 ] Bug #1343400 - CVE-2016-2178 openssl: Non-constant time codepath
 followed for certain operations in DSA implementation
        https://bugzilla.redhat.com/show_bug.cgi?id=1343400
  [ 9 ] Bug #1341705 - CVE-2016-2177 openssl: Possible integer overflow
 vulnerabilities in codebase
        https://bugzilla.redhat.com/show_bug.cgi?id=1341705
  [ 10 ] Bug #1379310 - CVE-2016-7052 openssl: Missing CRL sanity check
        https://bugzilla.redhat.com/show_bug.cgi?id=1379310
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update openssl' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org