Red Hat Security Advisory: openssl security update
🔗 CVE IDs covered (10)
📋 Description
- CVE-2016-2177 — openssl: Possible integer overflow vulnerabilities in codebase
- CVE-2016-2178 — openssl: Non-constant time codepath followed for certain operations in DSA implementation
- CVE-2016-2179 — openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer
- CVE-2016-2180 — OpenSSL: OOB read in TS_OBJ_print_bio()
- CVE-2016-2181 — openssl: DTLS replay protection bypass allows DoS against DTLS connection
- CVE-2016-2182 — openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()
- CVE-2016-2183 — SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
- CVE-2016-6302 — openssl: Insufficient TLS session ticket HMAC length checks
- CVE-2016-6304 — openssl: OCSP Status Request extension unbounded memory growth
- CVE-2016-6306 — openssl: certificate message OOB reads
🔗 References (14)
- self: https://access.redhat.com/errata/RHSA-2016:1940
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://www.openssl.org/news/secadv/20160922.txt
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1341705
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1343400
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1359615
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1367340
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1369113
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1369383
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1369504
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1369855
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1377594
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1377600
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1940.json