openssl (SL6, SL7)

Synopsis: Moderate: openssl security update
Advisory ID: SLSA-2017:0286-1
Issue Date: 2017-02-20
CVE Numbers: CVE-2016-8610
CVE-2017-3731

Security Fix(es):

* An integer underflow leading to an out of bounds read flaw was found in
OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit
TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher
suite. (CVE-2017-3731)

* A denial of service flaw was found in the way the TLS/SSL protocol
defined processing of ALERT packets during a connection handshake. A
remote attacker could use this flaw to make a TLS/SSL server consume an
excessive amount of CPU and fail to accept connections from other clients.
(CVE-2016-8610)

SL6
x86_64
openssl-1.0.1e-48.el6_8.4.i686.rpm
openssl-1.0.1e-48.el6_8.4.x86_64.rpm
openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm
openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm
openssl-devel-1.0.1e-48.el6_8.4.i686.rpm
openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm
openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm
openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm
i386
openssl-1.0.1e-48.el6_8.4.i686.rpm
openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm
openssl-devel-1.0.1e-48.el6_8.4.i686.rpm
openssl-perl-1.0.1e-48.el6_8.4.i686.rpm
openssl-static-1.0.1e-48.el6_8.4.i686.rpm
SL7
x86_64
openssl-1.0.1e-60.el7_3.1.x86_64.rpm
openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm
openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm
openssl-libs-1.0.1e-60.el7_3.1.i686.rpm
openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm
openssl-devel-1.0.1e-60.el7_3.1.i686.rpm
openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm
openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm
openssl-static-1.0.1e-60.el7_3.1.i686.rpm
openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm

– Scientific Linux Development Team
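
To check whether a host already has the fixed build, here is an added example (not part of the advisory or of Scientific Linux tooling). It compares an installed `VERSION-RELEASE` string, as printed by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl`, against the fixed builds listed above. The names `FIXED`, `rpmvercmp` and `is_patched` are hypothetical, the comparison is a simplified form of RPM's ordering, and it assumes the epoch is unchanged.

```python
import re

# Fixed builds taken from the advisory's package lists, keyed by dist tag.
FIXED = {"el6": ("1.0.1e", "48.el6_8.4"), "el7": ("1.0.1e", "60.el7_3.1")}

_SEG = re.compile(r"(\d+)|([A-Za-z]+)")  # digit runs or letter runs; the rest separates


def rpmvercmp(a, b):
    """Order two version or release strings segment by segment, as RPM does.
    Simplified: '~' and '^' are not handled (the builds above do not use them)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for (na, aa), (nb, ab) in zip(sa, sb):
        if na and nb:
            x, y = int(na), int(nb)   # numeric segments compare as integers
        elif na or nb:
            return 1 if na else -1    # a numeric segment is newer than a letter one
        else:
            x, y = aa, ab             # letter segments compare as strings
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(version_release):
    """True if the installed openssl build is at or above the fixed build for its
    dist tag, False if older, None if the tag is not covered by this advisory."""
    version, release = version_release.rsplit("-", 1)
    tag = re.search(r"\.(el[67])", release)
    if not tag:
        return None
    fixed_version, fixed_release = FIXED[tag.group(1)]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for sample in ("1.0.1e-48.el6_8.3", "1.0.1e-48.el6_8.4", "1.0.1e-60.el7"):
        print(sample, "->", "patched" if is_patched(sample) else "needs update")
```
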