Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Fedora 24: 2016-1411324654 Critical: OpenSSL Memory Corruption

fedora
Calendar Grey May 7, 2016
Dist Fedora Esm H88
Important security patch for Fedora 24 aimed at resolving several OpenSSL flaws to enhance overall system stability.
Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106

Summary

The OpenSSL toolkit provides support for secure communications between

machines. OpenSSL includes a certificate management tool and shared

libraries which provide various cryptographic algorithms and

protocols.

Update Information:

Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106

Change Log

References


[ 1 ] Bug #1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow https://bugzilla.redhat.com/show_bug.cgi?id=1331536 [ 2 ] Bug #1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow https://bugzilla.redhat.com/show_bug.cgi?id=1331441 [ 3 ] Bug #1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check https://bugzilla.redhat.com/show_bug.cgi?id=1331426 [ 4 ] Bug #1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder https://bugzilla.redhat.com/show_bug.cgi?id=1331402

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update openssl' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: openssl
Product: Fedora 24
Version: 1.0.2h
Release: 1.fc24
Summary: Utilities from the general purpose cryptography library with TLS implementation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.