| Errata ID | 176 |
|---|---|
| Date | 2016-05-11 |
| Source package | openssl |
| Fixed in version | 1.0.2d-1.118.201605062014 |
| Description | This update addresses the following issue(s): * EVP_EncodeUpdate overflow (CVE-2016-2105) * EVP_EncryptUpdate overflow (CVE-2016-2106) * Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) * Memory corruption in the ASN.1 encoder (CVE-2016-2108) * ASN.1 BIO excessive memory allocation (CVE-2016-2109) * Additionally the minimum DH key size has been increased from 768 to 1024 to prevent downgrade attacks |
| Additional notes | |
| CVE ID | CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 |
| UCS Bug number | #41197 |
