- Vulnerability/
- RHSA-2016:1137
RHSA-2016:1137: Important: openssl security update
First published: Tue May 31 2016(Updated: )
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and<br>Transport Layer Security (TLS) protocols, as well as a full-strength<br>general-purpose cryptography library.<br>Security Fix(es):<br><li> A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An</li> attacker could use this flaw to create a specially crafted certificate which,<br>when verified or re-encoded by OpenSSL, could cause it to crash, or execute<br>arbitrary code using the permissions of the user running an application compiled<br>against the OpenSSL library. (CVE-2016-2108)<br>Red Hat would like to thank the OpenSSL project for reporting this issue.<br>Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Bock, and David<br>Benjamin (Google) as the original reporters.<br>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openssl | <0.9.8e-40.el5_11 | 0.9.8e-40.el5_11 |
| redhat/openssl | <0.9.8e-40.el5_11 | 0.9.8e-40.el5_11 |
| redhat/openssl-debuginfo | <0.9.8e-40.el5_11 | 0.9.8e-40.el5_11 |
| redhat/openssl-debuginfo | <0.9.8e-40.el5_11 | 0.9.8e-40.el5_11 |
| redhat/openssl-devel | <0.9.8e-40.el5_11 | 0.9.8e-40.el5_11 |
| redhat/openssl-devel | <0.9.8e-40.el5_11 | 0.9.8e-40.el5_11 |
| redhat/openssl-perl | <0.9.8e-40.el5_11 | 0.9.8e-40.el5_11 |
| redhat/openssl-perl | <0.9.8e-40.el5_11 | 0.9.8e-40.el5_11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2016:1137
- agent/software-canonical-lookup
- package-manager/redhat