| Errata ID | 410 |
|---|---|
| Date | 2016-03-30 |
| Source package | openssl |
| Fixed in version | 0.9.8o-4.108.201603021826 |
| Description | Multiple vulnerabilities have been discovered in the OpenSSL libraries: * PKCS#7 and CMS routines: when presented with a malformed X509_ATTRIBUTE structure, OpenSSL will leak memory (CVE-2015-3195) * A malicious client could negotiate SSLv2 ciphers that had been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled (CVE-2015-3197) * Now, when using a DHE cipher suite, a new DH key will always be generated for each connection. * BN_hex2bn/BN_dec2bn NULL pointer dereference/heap corruption (CVE-2016-0797) * Memory issues in BIO_*printf functions (CVE-2016-0799) * DROWN attack (CVE-2016-0800) |
| Additional notes | |
| CVE ID | CVE-2015-3195 CVE-2015-3197 CVE-2016-0797 CVE-2016-0799 CVE-2016-0800 |
| UCS Bug number | #40189 |
