Oracle Linux 5 ELSA-2016-1137 Critical: OpenSSL Memory Corruption
oracle
May 31, 2016
The following updated rpms for Oracle Linux 5 have been uploaded to the Unbreakable Linux Network:
Summary
[0.9.8e-40.0.1] - To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934] - Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893] - fix CVE-2014-3570 - Bignum squaring may produce incorrect results - fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record - fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client] [0.9.8e-40] - fix CVE-2016-2108 - memory corruption in ASN.1 encoder
Topics Covered
SRPMs
https://oss.oracle.com:443/ol5/SRPMS-updates/openssl-0.9.8e-40.0.1.el5_11.src.rpm
x86_64
openssl-0.9.8e-40.0.1.el5_11.i686.rpm openssl-0.9.8e-40.0.1.el5_11.x86_64.rpm openssl-devel-0.9.8e-40.0.1.el5_11.i386.rpm openssl-devel-0.9.8e-40.0.1.el5_11.x86_64.rpm openssl-perl-0.9.8e-40.0.1.el5_11.x86_64.rpm ia64: openssl-0.9.8e-40.0.1.el5_11.i686.rpm openssl-0.9.8e-40.0.1.el5_11.ia64.rpm openssl-devel-0.9.8e-40.0.1.el5_11.ia64.rpm openssl-perl-0.9.8e-40.0.1.el5_11.ia64.rpm
aarch64
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!