FEDORA-2016-2802690366

security update in Fedora 23 for openssl

Status: stable 3 years ago

New upstream release fixing security issues.

Note that SSLv2 was already disabled by default in Fedora OpenSSL.

How to install

sudo dnf upgrade --advisory=FEDORA-2016-2802690366

Comments 11

This update has been submitted for testing by tmraz.

This update has obsoleted openssl-1.0.2g-1.fc23, and has inherited its bugs and notes.

tmraz edited this update.

This one looks good, it preserves ABI.

karma: +1

+1, mod_ssl upstream test suite passes.

karma: +1 critpath: +1

This update has been pushed to testing.

This update has been submitted for stable by bodhi.

Works well. No issues noticed.

karma: +1

critpath: +1 #1313509: +1

This update has been pushed to stable.

Its severity needs to be 'High'. It fixes the CVE-2016-0800 DROWN issue -> https://openssl.org/news/vulnerabilities.html#y2016. Notes about the update should include such information.

No, because SSLv2 was already disabled before, this erratum does not really solve DROWN - it was already solved.

Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: low
Karma: +2
stable threshold: 2
unstable threshold: -2
Autopush: Enabled
Dates: submitted 3 years ago; in testing 3 years ago; in stable 3 years ago; modified 3 years ago

Related Bugs 6

#1310596 CVE-2016-0705 OpenSSL: Double-free in DSA code
#1310599 CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation
#1312219 CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
#1312856 CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions [fedora-all]
#1312860 CVE-2016-0705 OpenSSL: Double-free in DSA code [fedora-all]
#1313509 openssl-1.0.2g-1.fc23 breaks ABI, missing symbols compared to openssl-1.0.2f-1.fc23
