FEDORA-2016-2802690366 created by tmraz 3 years ago for Fedora 23
stable

New upstream release fixing security issues.

Note that SSLv2 was already disabled by default in Fedora OpenSSL.

How to install

sudo dnf upgrade --advisory=FEDORA-2016-2802690366

This update has been submitted for testing by tmraz.

3 years ago

This update has obsoleted openssl-1.0.2g-1.fc23, and has inherited its bugs and notes.

3 years ago

tmraz edited this update.

3 years ago
User Icon ppisar commented & provided feedback 3 years ago
karma

This one looks good, it preserves ABI.

User Icon jorton commented & provided feedback 3 years ago
karma

+1, mod_ssl upstream test suite passes.

This update has been pushed to testing.

3 years ago

This update has been submitted for stable by bodhi.

3 years ago
User Icon anonymous commented & provided feedback 3 years ago

Works well. No issues have noticed

karma: +1

BZ#1313509 openssl-1.0.2g-1.fc23 breaks ABI, missing symbols compared to openssl-1.0.2f-1.fc23

This update has been pushed to stable.

3 years ago
User Icon pjp commented & provided feedback 3 years ago

Its severity needs to be 'High'. It fixes CVE-2016-0800 DROWN issue -> https://openssl.org/news/vulnerabilities.html#y2016 Notes about update should include such information.

User Icon tmraz commented & provided feedback 3 years ago

No, because SSLv2 was already disabled before, this erratum does not really solve DROWN - it was already solved.


Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-2
Stable by Karma
2
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
modified
3 years ago
BZ#1310596 CVE-2016-0705 OpenSSL: Double-free in DSA code
0
0
BZ#1310599 CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation
0
0
BZ#1312219 CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
0
0
BZ#1312856 CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions [fedora-all]
0
0
BZ#1312860 CVE-2016-0705 OpenSSL: Double-free in DSA code [fedora-all]
0
0
BZ#1313509 openssl-1.0.2g-1.fc23 breaks ABI, missing symbols compared to openssl-1.0.2f-1.fc23
0
1

Automated Test Results