Overview

File _patchinfo of Package patchinfo.2462

<patchinfo incident="2462">
  <issue id="958501" tracker="bnc">openssl: automatic fallback to SHA1 and no error if non FIPS algo is used</issue>
  <issue id="976943" tracker="bnc">VUL-1: openssl: Fix buffer overrun in ASN1_parse()</issue>
  <issue id="976942" tracker="bnc">VUL-1: CVE-2016-2109: openssl: Harden ASN.1 BIO handling of large amounts of data.</issue>
  <issue id="977616" tracker="bnc">VUL-0: CVE-2016-2107: openssl: Padding oracle in AES-NI CBC MAC check</issue>
  <issue id="977617" tracker="bnc">VUL-0: CVE-2016-2108: openssl: Memory corruption in the ASN.1 encoder</issue>
  <issue id="977614" tracker="bnc">VUL-0: CVE-2016-2105: openssl: EVP_EncodeUpdate overflow</issue>
  <issue id="977615" tracker="bnc">VUL-0: CVE-2016-2106: openssl: EVP_EncryptUpdate overflow</issue>
  <issue id="977621" tracker="bnc">VUL-0: openssl: handling of SHA-1 in TLS 1.2 ServerKeyExchanges (2016-05-03)</issue>
  <issue id="CVE-2016-2105" tracker="cve" />
  <issue id="CVE-2016-2107" tracker="cve" />
  <issue id="CVE-2016-2106" tracker="cve" />
  <issue id="CVE-2016-2109" tracker="cve" />
  <issue id="CVE-2016-2108" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>vitezslav_cizek</packager>
  <description>This update for openssl fixes the following issues:

- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
- CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)
- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
- bsc#976943: Buffer overrun in ASN1_parse
- bsc#977621: Preserve negotiated digests for SNI (bsc#977621)
- bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501)
</description>
  <summary>Security update for openssl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places