FEDORA-2016-05c567df1a — security update for openssl

stable

openssl-1.0.2h-1.fc23

FEDORA-2016-05c567df1a created by tmraz 9 years ago for Fedora 23

Security fix for CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2016-05c567df1a

This update has been submitted for testing by tmraz.

9 years ago

fszymanski commented & provided feedback 9 years ago

karma

Works for me.

hreindl commented & provided feedback 9 years ago

karma

no regressions in internal tests, deployed to production servers

This update has been pushed to testing.

9 years ago

This update has been submitted for stable by bodhi.

9 years ago

dhgutteridge commented & provided feedback 9 years ago

karma

No issues noted in dependent applications.

mhayden commented & provided feedback 9 years ago

karma

Working well on a few high-traffic websites.

BZ#1331426 CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check

This update has been pushed to stable.

9 years ago

Please log in to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-2

Stable by Karma

Stable by Time

disabled

Dates

submitted

9 years ago

in testing

9 years ago

in stable

9 years ago

Builds

openssl-1.0.2h-1.fc23

BZ#1331402 CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder

BZ#1331426 CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check

BZ#1331441 CVE-2016-2105 openssl: EVP_EncodeUpdate overflow

BZ#1331536 CVE-2016-2106 openssl: EVP_EncryptUpdate overflow

BZ#1332588 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 openssl: various flaws [fedora-all]

openssl-1.0.2h-1.fc23

Automated Test Results

None