| Errata ID | 407 |
|---|---|
| Date | 2016-03-09 |
| Source package | openssl |
| Fixed in version | 1.0.1e-2.107.201603011735 |
| Description | Multiple vulnerabilities have been discovered in the OpenSSL libraries: * Denial of Service: Certificate verify crash with missing PSS parameter (CVE-2015-3194) * PKCS#7 and CMS routines: malformed X509_ATTRIBUTE structure OpenSSL will leak memory (CVE-2015-3195) * Race condition handling PSK identify hint potentially leading to double free in multithreaded clients (CVE-2015-3196) * SLOTH: Security Losses from Obsolete and Truncated Transcript Hashes (CVE-2015-7575) * Double-free in DSA code (CVE-2016-0705) * Memory leak in SRP database lookups (CVE-2016-0798) * BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797) * Memory issues in BIO_*printf functions (CVE-2016-0799) * Side channel attack on modular exponentiation (CVE-2016-0702) |
| Additional notes | |
| CVE ID | CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2015-7575 CVE-2016-0705 CVE-2016-0798 CVE-2016-0797 CVE-2016-0799 CVE-2016-0702 |
| UCS Bug number | #40188 |
