OpenSSL 1.0.2i [22 Sep 2016]; SWEET32 mitigation and typical CVE fixes auto/ac/openssl-1.0.2i-1 auto/th/openssl-1.0.2i-1
authorElan Ruusamäe <glen@delfi.ee>
Thu, 22 Sep 2016 17:58:56 +0000 (20:58 +0300)
committerElan Ruusamäe <glen@delfi.ee>
Thu, 22 Sep 2016 17:59:16 +0000 (20:59 +0300)
commit02ab0068b02e3708f828e319dbb5eb7abaa9e067
tree7e13904071724afcf87a805104c6479da5345266
parent657674fb119272462329c93cb8aed26af759c05e
OpenSSL 1.0.2i [22 Sep 2016]; SWEET32 mitigation and typical CVE fixes

- OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
- SWEET32 Mitigation (CVE-2016-2183)
- OOB write in MDC2_Update() (CVE-2016-6303)
- Malformed SHA512 ticket DoS (CVE-2016-6302)
- OOB write in BN_bn2dec() (CVE-2016-2182)
- OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
- Pointer arithmetic undefined behaviour (CVE-2016-2177)
- Constant time flag not preserved in DSA signing (CVE-2016-2178)
- DTLS buffered message DoS (CVE-2016-2179)
- DTLS replay protection DoS (CVE-2016-2181)
- Certificate message OOB reads (CVE-2016-6306)

https://www.openssl.org/news/openssl-1.0.2-notes.html
openssl.spec
This page took 0.075806 seconds and 4 git commands to generate.