Univention Bugzilla – Bug 41225
openssl: multiple issues (3.2)
Last modified: 2016-09-21 21:27:31 CEST
Created attachment 7645
patches-for-openssl-0.9.8o-4squeeze23.tar.gz

The attached tgz contains backported patches for
* EVP_EncodeUpdate overflow (CVE-2016-2105)
* EVP_EncryptUpdate overflow (CVE-2016-2106)
* Memory corruption in the ASN.1 encoder (CVE-2016-2108)
* ASN.1 BIO excessive memory allocation (CVE-2016-2109)

The code affected by CVE-2016-2107 is not present in OpenSSL 0.9.8

+++ This bug was initially created as a clone of Bug #41198 +++

Created attachment 7650
patches-for-openssl-0.9.8o-4squeeze23.tar.gz

Updated patch bundle, the other one was incomplete.

(In reply to Arvid Requate from comment #1)
> Created attachment 7650
> patches-for-openssl-0.9.8o-4squeeze23.tar.gz
>
> Updated patch bundle, the other one was incomplete.

Removed duplicate " {" from CVE-2016-2105.patch
Otherwise they are good.

Tests (i386): OK
Advisory: openssl.yaml

Verified:
* Source patches ok and applied
* Binary packages updatable
* Advisory: Ok
<http://errata.software-univention.de/ucs/3.2/426.html>