OpenSSL news

Posted on Posted in OpenSSL

Decription: The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.0a, 1.0.2i, 1.0.1u.

Changes:

  • SSL_peek() hang on empty record (CVE-2016-6305)
  • SWEET32 Mitigation (CVE-2016-2183)
  • OOB write in MDC2_Update() (CVE-2016-6303)
  • Malformed SHA512 ticket DoS (CVE-2016-6302)
  • OOB write in BN_bn2dec() (CVE-2016-2182)
  • OOB read in TS_OBJ_print_bio() (CVE-2016-2180)

Affected versions: of OpenSSL prior to September 2016

Recommended action:

Origin URLs:

Leave a Reply

Your email address will not be published. Required fields are marked *