ELSA-2016-0302

Опубликовано: 01 мар. 2016

Источник: oracle-oval

Платформа: Oracle Linux 5

Описание

ELSA-2016-0302: openssl security update (IMPORTANT)

[0.9.8e-39.0.1]

To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934]
Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893]
fix CVE-2014-3570 - Bignum squaring may produce incorrect results
fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]

[0.9.8e-39]

fix CVE-2016-0797 - heap corruption in BN_hex2bn and BN_dec2bn

[0.9.8e-38]

fix CVE-2015-3197 - SSLv2 ciphersuite enforcement
disable SSLv2 in the generic TLS method (can be reenabled by setting environment variable OPENSSL_ENABLE_SSL2)

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

openssl

0.9.8e-39.0.1.el5_11

openssl-devel

0.9.8e-39.0.1.el5_11

openssl-perl

0.9.8e-39.0.1.el5_11

Oracle Linux x86_64

openssl

0.9.8e-39.0.1.el5_11

openssl-devel

0.9.8e-39.0.1.el5_11

openssl-perl

0.9.8e-39.0.1.el5_11

Oracle Linux i386

openssl

0.9.8e-39.0.1.el5_11

openssl-devel

0.9.8e-39.0.1.el5_11

openssl-perl

0.9.8e-39.0.1.el5_11

Связанные CVE

CVE-2015-3197

CVE-2016-0797

CVE-2016-0800

Ссылки на источники

Связанные уязвимости

ELSA-2016-0301

oracle-oval

больше 9 лет назад

ELSA-2016-0301: openssl security update (IMPORTANT)

SUSE-SU-2016:0631-1

suse-cvrf

больше 9 лет назад

Security update for compat-openssl097g

openSUSE-SU-2016:0720-1

suse-cvrf

больше 9 лет назад

Security update for openssl

SUSE-SU-2016:0641-1

suse-cvrf

больше 9 лет назад

Security update for openssl

SUSE-SU-2016:0624-1

suse-cvrf

больше 9 лет назад

Security update for openssl