Univention Bugzilla – Bug 41197
openssl: multiple issues (4.1)
Last modified: 2016-09-30 11:58:10 CEST
The new openssl release 1.0.2h fixes these issues:
* EVP_EncodeUpdate overflow (CVE-2016-2105)
* EVP_EncryptUpdate overflow (CVE-2016-2106)
* Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
* Memory corruption in the ASN.1 encoder (CVE-2016-2108)
* ASN.1 BIO excessive memory allocation (CVE-2016-2109)
* EBCDIC overread (CVE-2016-2176)
Created attachment 7636: openssl_patches_1.0.2d-0ubuntu1.5.tgz
Backport patches for 1.0.2d
Debian sid currently has 1.0.2h-1
(In reply to Arvid Requate from comment #0)
> The new openssl release 1.0.2h fixes these issues:
> […]
> * EBCDIC overread (CVE-2016-2176)

- openssl <not-affected> (Only applies to EBCDIC systems)

Patches applied: 1.0.2d-1.118.201605062014
Advisory: openssl.yaml
Verified:
* Patches Ok and applied
* Package updatable (amd64)
* Advisory ok
<http://errata.software-univention.de/ucs/4.1/176.html>