Severity: Unknown
Affected Package: openssl
Summary: Multiple OpenSSL vulnerabilities (AES-NI CBC padding, encode/encrypt overflows, ASN.1 memory exhaustion)
OpenSSL security update fixing an AES-NI CBC MAC padding check that no longer verified sufficient data was present (a padding-oracle style flaw), overflows in EVP_EncodeUpdate() and EVP_EncryptUpdate(), and an ASN.1 issue where short invalid encodings read via d2i_CMS_bio()-style functions could allocate large amounts of memory. Fixed in the 0.7.7 release.
No specific recommendations provided.
Aliases: CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109
Published: May 05, 2016
Last Modified: May 05, 2016