ELSA-2016-0996

ELSA-2016-0996 - openssl security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2016-05-12

Description

[1.0.1e-48.1]
- fix CVE-2016-2105 - possible overflow in base64 encoding
- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()
- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
- fix CVE-2016-0799 - memory issues in BIO_printf

[1.0.1e-48]
- fix CVE-2016-0702 - side channel attack on modular exponentiation
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn

[1.0.1e-47]
- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
- disable SSLv2 in the generic TLS method

[1.0.1e-46]
- fix 1-byte memory leak in pkcs12 parse (#1229871)
- document some options of the speed command (#1197095)

[1.0.1e-45]
- fix high-precision timestamps in timestamping authority

[1.0.1e-44]
- fix CVE-2015-7575 - disallow use of MD5 in TLS1.2

[1.0.1e-43]
- fix CVE-2015-3194 - certificate verify crash with missing PSS parameter
- fix CVE-2015-3195 - X509_ATTRIBUTE memory leak
- fix CVE-2015-3196 - race condition when handling PSK identity hint

Related CVEs

CVE-2016-2106

CVE-2016-2108

CVE-2016-2109

CVE-2016-0799

CVE-2016-2105

CVE-2016-2842

CVE-2016-2107

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 6 (i386)	openssl-1.0.1e-48.el6_8.1.src.rpm	900f8e5f4820463a4fce01db725354e52ff02efe5d169bfcb83948dcc501736f	ELSA-2023-12326	ol6_i386_latest_archive
	openssl-1.0.1e-48.el6_8.1.src.rpm	900f8e5f4820463a4fce01db725354e52ff02efe5d169bfcb83948dcc501736f	ELSA-2023-12326	ol6_u8_i386_patch
	openssl-1.0.1e-48.el6_8.1.i686.rpm	2e5646e447be6938f33bd881bcede70c40c3e250c196cde2f8a18e49204f3e63	ELSA-2023-12326	ol6_i386_latest_archive
	openssl-1.0.1e-48.el6_8.1.i686.rpm	2e5646e447be6938f33bd881bcede70c40c3e250c196cde2f8a18e49204f3e63	ELSA-2023-12326	ol6_u8_i386_patch
	openssl-devel-1.0.1e-48.el6_8.1.i686.rpm	edc6b2b421196af0f6a35848cb36c6ccc184b530519519d5fa01cfea005b476b	ELSA-2023-12326	ol6_i386_latest_archive
	openssl-devel-1.0.1e-48.el6_8.1.i686.rpm	edc6b2b421196af0f6a35848cb36c6ccc184b530519519d5fa01cfea005b476b	ELSA-2023-12326	ol6_u8_i386_patch
	openssl-perl-1.0.1e-48.el6_8.1.i686.rpm	672f8727410ad98a51246c268a0669c2254065141d40ab41f501e5e5757b9b59	ELSA-2023-12326	ol6_i386_latest_archive
	openssl-perl-1.0.1e-48.el6_8.1.i686.rpm	672f8727410ad98a51246c268a0669c2254065141d40ab41f501e5e5757b9b59	ELSA-2023-12326	ol6_u8_i386_patch
	openssl-static-1.0.1e-48.el6_8.1.i686.rpm	00efb6e68067bfdd13866853701273cfedf29c3c5f6bd4249539e67ba176d9ba	ELSA-2023-12326	ol6_i386_latest_archive
	openssl-static-1.0.1e-48.el6_8.1.i686.rpm	00efb6e68067bfdd13866853701273cfedf29c3c5f6bd4249539e67ba176d9ba	ELSA-2023-12326	ol6_u8_i386_patch
Oracle Linux 6 (x86_64)	openssl-1.0.1e-48.el6_8.1.src.rpm	900f8e5f4820463a4fce01db725354e52ff02efe5d169bfcb83948dcc501736f	ELSA-2023-12326	ol6_u8_x86_64_patch
	openssl-1.0.1e-48.el6_8.1.src.rpm	900f8e5f4820463a4fce01db725354e52ff02efe5d169bfcb83948dcc501736f	ELSA-2023-12326	ol6_x86_64_latest_archive
	openssl-1.0.1e-48.el6_8.1.i686.rpm	2e5646e447be6938f33bd881bcede70c40c3e250c196cde2f8a18e49204f3e63	ELSA-2023-12326	ol6_u8_x86_64_patch
	openssl-1.0.1e-48.el6_8.1.i686.rpm	2e5646e447be6938f33bd881bcede70c40c3e250c196cde2f8a18e49204f3e63	ELSA-2023-12326	ol6_x86_64_latest_archive
	openssl-1.0.1e-48.el6_8.1.x86_64.rpm	5aeb3ddf640c49fe5416a9185f566441ff7834168f56b04e4595a8bcb240b586	ELSA-2023-12326	exadata_dbserver_12.1.2.2.3_x86_64_base
	openssl-1.0.1e-48.el6_8.1.x86_64.rpm	5aeb3ddf640c49fe5416a9185f566441ff7834168f56b04e4595a8bcb240b586	ELSA-2023-12326	exadata_dbserver_12.1.2.3.2_x86_64_base
	openssl-1.0.1e-48.el6_8.1.x86_64.rpm	5aeb3ddf640c49fe5416a9185f566441ff7834168f56b04e4595a8bcb240b586	ELSA-2023-12326	ol6_u8_x86_64_patch
	openssl-1.0.1e-48.el6_8.1.x86_64.rpm	5aeb3ddf640c49fe5416a9185f566441ff7834168f56b04e4595a8bcb240b586	ELSA-2023-12326	ol6_x86_64_latest_archive
	openssl-devel-1.0.1e-48.el6_8.1.i686.rpm	edc6b2b421196af0f6a35848cb36c6ccc184b530519519d5fa01cfea005b476b	ELSA-2023-12326	ol6_u8_x86_64_patch
	openssl-devel-1.0.1e-48.el6_8.1.i686.rpm	edc6b2b421196af0f6a35848cb36c6ccc184b530519519d5fa01cfea005b476b	ELSA-2023-12326	ol6_x86_64_latest_archive
	openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm	a73265aea97646ad7bd18977bcbb8c5df6b1eaa61d7a8a913a504767dcadf00f	ELSA-2023-12326	ol6_u8_x86_64_patch
	openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm	a73265aea97646ad7bd18977bcbb8c5df6b1eaa61d7a8a913a504767dcadf00f	ELSA-2023-12326	ol6_x86_64_latest_archive
	openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm	72b14887aa735255f57527ca3df3d7377dcce4925550ddfa115b3346bd6ed016	ELSA-2023-12326	ol6_u8_x86_64_patch
	openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm	72b14887aa735255f57527ca3df3d7377dcce4925550ddfa115b3346bd6ed016	ELSA-2023-12326	ol6_x86_64_latest_archive
	openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm	1542c152f638e5446bc6b417d47a8a2aae5b26d10474c99c9eeecfa7490523b5	ELSA-2023-12326	ol6_u8_x86_64_patch
	openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm	1542c152f638e5446bc6b417d47a8a2aae5b26d10474c99c9eeecfa7490523b5	ELSA-2023-12326	ol6_x86_64_latest_archive

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team