Security update for openssl
This update for openssl fixes the following issues:
- CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617)
- CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616)
- CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614)
- CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615)
- CVE-2016-2109: ASN.1 BIO excessive memory allocation (boo#976942)
- boo#976943: Buffer overrun in ASN1_parse
- boo#977621: Preserve digests for SNI
- boo#958501: Fix openssl enc -non-fips-allow option in FIPS mode
-
Submitted by
Vítězslav Čížek (vitezslav_cizek)
Fixed bugs
bnc#958501
openssl: automatic fallback to SHA1 and no error if non FIPS algo is used
bnc#976943
VUL-1: openssl: Fix buffer overrun in ASN1_parse()
bnc#976942
VUL-1: CVE-2016-2109: openssl: Harden ASN.1 BIO handling of large amounts of data.
bnc#977616
VUL-0: CVE-2016-2107: openssl: Padding oracle in AES-NI CBC MAC check
bnc#977617
VUL-0: CVE-2016-2108: openssl: Memory corruption in the ASN.1 encoder
bnc#977614
VUL-0: CVE-2016-2105: openssl: EVP_EncodeUpdate overflow
bnc#977615
VUL-0: CVE-2016-2106: openssl: EVP_EncryptUpdate overflow
bnc#977621
VUL-0: openssl: handling of SHA-1 in TLS 1.2 ServerKeyExchanges (2016-05-03)
