OpenSSL: Multiple vulnerabilities have been addressed in the latest release

Description: Multiple vulnerabilities were reported in OpenSSL.

Changes: The following issues have been addressed:

  1. Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
  2. EVP_EncodeUpdate overflow (CVE-2016-2105)
  3. EVP_EncryptUpdate overflow (CVE-2016-2106)
  4. ASN.1 BIO excessive memory allocation (CVE-2016-2109)
  5. EBCDIC overread (CVE-2016-2176)

Affected versions: OpenSSL versions prior to April 2016

Recommended action:

  • OpenSSL 1.0.2 users should upgrade to 1.0.2h
  • OpenSSL 1.0.1 users should upgrade to 1.0.1t
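
To apply the recommendation across an inventory, the following added example (not part of the advisory or of OpenSSL itself) classifies `openssl version` banners against the fixed releases 1.0.2h and 1.0.1t. The function names, host names and sample banners are constructed for illustration.

```python
import re

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {"1.0.2": "h", "1.0.1": "t"}

# Matches banners such as "OpenSSL 1.0.2g  1 Mar 2016" or "OpenSSL 1.0.1t-fips ...".
BANNER_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")

def letter_rank(suffix):
    """Order OpenSSL patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(suffix), suffix)

def classify(banner):
    """Return 'fixed', 'upgrade', 'not-covered' or 'unparsed' for one banner."""
    match = BANNER_RE.search(banner)
    if not match:
        return "unparsed"
    branch, letter = match.groups()
    fixed_letter = FIXED.get(branch)
    if fixed_letter is None:
        # The advisory names only the 1.0.2 and 1.0.1 branches.
        return "not-covered"
    if letter_rank(letter) >= letter_rank(fixed_letter):
        return "fixed"
    return "upgrade"

# Constructed sample banners (hypothetical hosts), not output from real systems.
SAMPLES = {
    "web01": "OpenSSL 1.0.2g  1 Mar 2016",
    "web02": "OpenSSL 1.0.2h  3 May 2016",
    "mail01": "OpenSSL 1.0.1s  1 Mar 2016",
    "vpn01": "OpenSSL 1.0.1t-fips  3 May 2016",
    "build01": "OpenSSL 1.1.0  25 Aug 2016",
    "edge01": "LibreSSL 2.3.0",
}

def report(inventory):
    """Map each host to the classification of its version banner."""
    return {host: classify(banner) for host, banner in inventory.items()}

if __name__ == "__main__":
    for host, status in sorted(report(SAMPLES).items()):
        print(f"{host}: {status}")
```

Distribution packages often backport security fixes without changing the upstream version letter, so an `upgrade` result on a vendor build should be confirmed against the vendor's own advisory for these CVEs.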

Origin URLs:

  1. https://www.openssl.org/news/secadv/20160503.txt
  2. http://www.securitylab.ru/vulnerability/481699.php
