Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

Fedora: Critical OpenSSL Fix CVE-2016-2108 Memory Corruption Issue

fedora
Calendar Grey May 10, 2016
Dist Fedora Esm H88
Stay informed on crucial patches pertaining to openssl vulnerabilities and their potential impacts for Fedora 22 patrons in this comprehensive notice.
Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106

Summary

The OpenSSL toolkit provides support for secure communications between

machines. OpenSSL includes a certificate management tool and shared

libraries which provide various cryptographic algorithms and

protocols.

Update Information:

Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106

Change Log

References


[ 1 ] Bug #1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow https://bugzilla.redhat.com/show_bug.cgi?id=1331536 [ 2 ] Bug #1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow https://bugzilla.redhat.com/show_bug.cgi?id=1331441 [ 3 ] Bug #1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check https://bugzilla.redhat.com/show_bug.cgi?id=1331426 [ 4 ] Bug #1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder https://bugzilla.redhat.com/show_bug.cgi?id=1331402

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update openssl' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: openssl
Product: Fedora 22
Version: 1.0.1k
Release: 15.fc22
Summary: Utilities from the general purpose cryptography library with TLS implementation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.