--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-97454404fe
2016-10-11 15:41:14.519190
--------------------------------------------------------------------------------

Name        : openssl
Product     : Fedora 23
Version     : 1.0.2j
Release     : 1.fc23
URL         : http://www.openssl.org/
Summary     : Utilities from the general purpose cryptography library with TLS 
implementation
Description :
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.

--------------------------------------------------------------------------------
Update Information:

Update from upstream with multiple security issues fixed.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1377600 - CVE-2016-6304 openssl: OCSP Status Request extension 
unbounded memory growth
        https://bugzilla.redhat.com/show_bug.cgi?id=1377600
  [ 2 ] Bug #1377594 - CVE-2016-6306 openssl: certificate message OOB reads
        https://bugzilla.redhat.com/show_bug.cgi?id=1377594
  [ 3 ] Bug #1369855 - CVE-2016-6302 openssl: Insufficient TLS session ticket 
HMAC length checks
        https://bugzilla.redhat.com/show_bug.cgi?id=1369855
  [ 4 ] Bug #1369504 - CVE-2016-2179 openssl: DTLS memory exhaustion DoS when 
messages are not removed from fragment buffer
        https://bugzilla.redhat.com/show_bug.cgi?id=1369504
  [ 5 ] Bug #1369113 - CVE-2016-2181 openssl: DTLS replay protection bypass 
allows DoS against DTLS connection
        https://bugzilla.redhat.com/show_bug.cgi?id=1369113
  [ 6 ] Bug #1367340 - CVE-2016-2182 openssl: Out-of-bounds write caused by 
unchecked errors in BN_bn2dec()
        https://bugzilla.redhat.com/show_bug.cgi?id=1367340
  [ 7 ] Bug #1359615 - CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()
        https://bugzilla.redhat.com/show_bug.cgi?id=1359615
  [ 8 ] Bug #1343400 - CVE-2016-2178 openssl: Non-constant time codepath 
followed for certain operations in DSA implementation
        https://bugzilla.redhat.com/show_bug.cgi?id=1343400
  [ 9 ] Bug #1341705 - CVE-2016-2177 openssl: Possible integer overflow 
vulnerabilities in codebase
        https://bugzilla.redhat.com/show_bug.cgi?id=1341705
  [ 10 ] Bug #1379310 - CVE-2016-7052 openssl: Missing CRL sanity check
        https://bugzilla.redhat.com/show_bug.cgi?id=1379310
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update openssl' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to