OVMSA-2016-0031

OVMSA-2016-0031 - openssl security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2016-03-01

Description


[1.0.1e-42.4]
- fix CVE-2016-0702 - side channel attack on modular exponentiation
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn

[1.0.1e-42.3]
- fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
- disable SSLv2 in the generic TLS method


Related CVEs


CVE-2015-3197
CVE-2016-0702
CVE-2016-0705
CVE-2016-0797
CVE-2016-0800

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.3 (x86_64) openssl-1.0.1e-42.el6_7.4.src.rpm62742f0f622eab9e268b7cab78e969e8OVMSA-2021-0011
openssl-1.0.1e-42.el6_7.4.x86_64.rpm473fbf62253a59c91ac62eb93d335311OVMSA-2021-0011
Oracle VM 3.4 (x86_64) openssl-1.0.1e-42.el6_7.4.src.rpm62742f0f622eab9e268b7cab78e969e8OVMSA-2021-0011
openssl-1.0.1e-42.el6_7.4.x86_64.rpm473fbf62253a59c91ac62eb93d335311OVMSA-2021-0011



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete