FEDORA-2016-2802690366

security update in Fedora 23 for openssl

Status: stable 3 years ago

New upstream release fixing security issues.

Note that SSLv2 was already disabled by default in Fedora OpenSSL.

Comments 11

This update has been submitted for testing by tmraz.

This update has obsoleted openssl-1.0.2g-1.fc23, and has inherited its bugs and notes.

tmraz edited this update.

This one looks good, it preserves ABI.

karma: +1

+1, mod_ssl upstream test suite passes.

karma: +1 critpath: +1

This update has been pushed to testing.

This update has been submitted for stable by bodhi.

Works well. No issues noticed.

karma: +1

critpath: +1 #1313509: +1

This update has been pushed to stable.

Its severity needs to be 'High'. It fixes CVE-2016-0800 DROWN issue -> https://openssl.org/news/vulnerabilities.html#y2016 Notes about update should include such information.

No, because SSLv2 was already disabled before, this erratum does not really solve DROWN - it was already solved.


Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: low
Karma: +2
stable threshold: 2
unstable threshold: -2
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago
modified 3 years ago

Related Bugs 6

#1310596 CVE-2016-0705 OpenSSL: Double-free in DSA code
#1310599 CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation
#1312219 CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions
#1312856 CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions [fedora-all]
#1312860 CVE-2016-0705 OpenSSL: Double-free in DSA code [fedora-all]
#1313509 openssl-1.0.2g-1.fc23 breaks ABI, missing symbols compared to openssl-1.0.2f-1.fc23 (feedback: +1)
