Security update for openssl
This update for openssl fixes the following issues:
- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
- CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)
- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
- bsc#976943: Buffer overrun in ASN1_parse
-
Submitted by
Michal Kubeček (mkubecek)
Fixed bugs
bnc#977614
VUL-0: CVE-2016-2105: openssl: EVP_EncodeUpdate overflow
bnc#977615
VUL-0: CVE-2016-2106: openssl: EVP_EncryptUpdate overflow
bnc#977616
VUL-0: CVE-2016-2107: openssl: Padding oracle in AES-NI CBC MAC check
bnc#977617
VUL-0: CVE-2016-2108: openssl: Memory corruption in the ASN.1 encoder
bnc#976942
VUL-1: CVE-2016-2109: openssl: Harden ASN.1 BIO handling of large amounts of data.
bnc#976943
VUL-1: openssl: Fix buffer overrun in ASN1_parse()
