Severity: Unknown
Affected Package: openssl
Summary: DROWN and related SSLv2/cryptographic OpenSSL vulnerabilities
OpenSSL security update to stop the DROWN cross-protocol attack, in which SSLv2 support could be leveraged to decrypt TLS sessions, together with several related SSLv2 and low-level cryptographic flaws. A network attacker could recover plaintext of TLS connections or exploit the additional weaknesses. Fixed in the 0.7.5 release.
No specific recommendations provided.
Aliases: CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0704
Published: March 10, 2016
Last Modified: March 10, 2016