Security update for openssl
This update for openssl fixes the following issues:
- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
- CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)
- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
- bsc#976943: Buffer overrun in ASN1_parse
- bsc#977621: Preserve negotiated digests for SNI (bsc#977621)
- bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
-
Submitted by
Vítězslav Čížek (vitezslav_cizek)
Fixed bugs
bnc#958501
openssl: automatic fallback to SHA1 and no error if non FIPS algo is used
bnc#976943
VUL-1: openssl: Fix buffer overrun in ASN1_parse()
bnc#976942
VUL-1: CVE-2016-2109: openssl: Harden ASN.1 BIO handling of large amounts of data.
bnc#977616
VUL-0: CVE-2016-2107: openssl: Padding oracle in AES-NI CBC MAC check
bnc#977617
VUL-0: CVE-2016-2108: openssl: Memory corruption in the ASN.1 encoder
bnc#977614
VUL-0: CVE-2016-2105: openssl: EVP_EncodeUpdate overflow
bnc#977615
VUL-0: CVE-2016-2106: openssl: EVP_EncryptUpdate overflow
bnc#977621
VUL-0: openssl: handling of SHA-1 in TLS 1.2 ServerKeyExchanges (2016-05-03)
