MNBSD-2016-6: DROWN and related SSLv2/cryptographic OpenSSL vulnerabilities

Severity: Unknown

Affected Package: openssl

Summary: DROWN and related SSLv2/cryptographic OpenSSL vulnerabilities

Description

OpenSSL security update to stop the DROWN cross-protocol attack, in which SSLv2 support could be leveraged to decrypt TLS sessions, together with several related SSLv2 and low-level cryptographic flaws. A network attacker could recover plaintext of TLS connections or exploit the additional weaknesses. Fixed in the 0.7.5 release.

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0704

Published: March 10, 2016
Last Modified: March 10, 2016