--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-3451dbec48
2017-02-07 22:20:34.555989
--------------------------------------------------------------------------------

Name        : openssl
Product     : Fedora 25
Version     : 1.0.2k
Release     : 1.fc25
URL         : https://www.openssl.org:443/
Summary     : Utilities from the general purpose cryptography library with TLS implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Minor upstream release fixing CVE-2016-8610, CVE-2017-3731, CVE-2017-3732.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=1384743
  [ 2 ] Bug #1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=1416856
  [ 3 ] Bug #1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read
        https://bugzilla.redhat.com/show_bug.cgi?id=1416852
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade openssl' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora 25: openssl Security Update

February 8, 2017
Minor upstream release fixing CVE-2016-8610, CVE-2017-3731, CVE-2017-3732.

Summary

The OpenSSL toolkit provides support for secure communications between

machines. OpenSSL includes a certificate management tool and shared

libraries which provide various cryptographic algorithms and

protocols.

Update Information:

Minor upstream release fixing CVE-2016-8610, CVE-2017-3731, CVE-2017-3732.

Change Log

References

[ 1 ] Bug #1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS https://bugzilla.redhat.com/show_bug.cgi?id=1384743 [ 2 ] Bug #1416856 - CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1416856 [ 3 ] Bug #1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read https://bugzilla.redhat.com/show_bug.cgi?id=1416852

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade openssl' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
Name : openssl
Product : Fedora 25
Version : 1.0.2k
Release : 1.fc25
URL : https://www.openssl.org:443/
Summary : Utilities from the general purpose cryptography library with TLS implementation

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved