Opened 8 years ago
Closed 8 years ago
#7800 closed enhancement (fixed)
openssl-1.0.2h
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 7.10 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New micro version.
Change History (3)
comment:1 by , 8 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 8 years ago
Note:
See TracTickets
for help on using tickets.
Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016] o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107) o Fix EVP_EncodeUpdate overflow (CVE-2016-2105) o Fix EVP_EncryptUpdate overflow (CVE-2016-2106) o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109) o EBCDIC overread (CVE-2016-2176) o Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN. o Remove LOW from the DEFAULT cipher list. This removes singles DES from the default. o Only remove the SSLv2 methods with the no-ssl2-method option.