First published: Mon Feb 22 2016(Updated: )
LibreSSL. Multiple issues were addressed by updating to libressl version 2.6.4.
Credit: CVE-2015-3194 CVE-2015-5333 CVE-2015-5334 CVE-2016-0702 secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/openssl | <1.0.1 | 1.0.1 |
redhat/openssl | <1.0.2 | 1.0.2 |
OpenSSL OpenSSL | =1.0.1 | |
OpenSSL OpenSSL | =1.0.1-beta1 | |
OpenSSL OpenSSL | =1.0.1-beta2 | |
OpenSSL OpenSSL | =1.0.1-beta3 | |
OpenSSL OpenSSL | =1.0.1a | |
OpenSSL OpenSSL | =1.0.1b | |
OpenSSL OpenSSL | =1.0.1c | |
OpenSSL OpenSSL | =1.0.1d | |
OpenSSL OpenSSL | =1.0.1e | |
OpenSSL OpenSSL | =1.0.1f | |
OpenSSL OpenSSL | =1.0.1g | |
OpenSSL OpenSSL | =1.0.1h | |
OpenSSL OpenSSL | =1.0.1i | |
OpenSSL OpenSSL | =1.0.1j | |
OpenSSL OpenSSL | =1.0.1k | |
OpenSSL OpenSSL | =1.0.1l | |
OpenSSL OpenSSL | =1.0.1m | |
OpenSSL OpenSSL | =1.0.1n | |
OpenSSL OpenSSL | =1.0.1o | |
OpenSSL OpenSSL | =1.0.1p | |
OpenSSL OpenSSL | =1.0.1q | |
OpenSSL OpenSSL | =1.0.1r | |
OpenSSL OpenSSL | =1.0.2 | |
OpenSSL OpenSSL | =1.0.2-beta1 | |
OpenSSL OpenSSL | =1.0.2-beta2 | |
OpenSSL OpenSSL | =1.0.2-beta3 | |
OpenSSL OpenSSL | =1.0.2a | |
OpenSSL OpenSSL | =1.0.2b | |
OpenSSL OpenSSL | =1.0.2c | |
OpenSSL OpenSSL | =1.0.2d | |
OpenSSL OpenSSL | =1.0.2e | |
OpenSSL OpenSSL | =1.0.2f | |
Nodejs Node.js | >=4.0.0<=4.1.2 | |
Nodejs Node.js | >=4.2.0<4.3.2 | |
Nodejs Node.js | >=5.0.0<5.7.1 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =15.10 | |
Apple macOS Mojave | <10.14 | 10.14 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2016-0702 is a vulnerability in OpenSSL that allows local users to discover RSA keys.
CVE-2016-0702 has a severity rating of 5.1 (medium).
OpenSSL versions 1.0.1 to 1.0.1s and 1.0.2 to 1.0.2g are affected by CVE-2016-0702.
To fix CVE-2016-0702, update OpenSSL to version 1.0.1t or 1.0.2h.
You can find more information about CVE-2016-0702 at the following links: http://cachebleed.info, http://cachebleed.info/, and https://www.openssl.org/news/secadv/20160301.txt.