OpenSSL 1.0.1 vulnerability CVE-2016-6304
Posted: 2016/09/28 08:32:16
Please tell us how to deal with vulnerability CVE-2016-6304 in OpenSSL.
I use CentOS 6.6 and OpenSSL 1.0.1.
I have checked the latest updates with the yum command, but the latest version does not address the vulnerability CVE-2016-6304.
# rpm -q openssl
openssl-1.0.1e-48.el6_8.1.x86_64
# rpm -q --changelog openssl | head
* Mon May 02 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-48.1
- fix CVE-2016-2105 - possible overflow in base64 encoding
- fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate()
- fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
- fix CVE-2016-0799 - memory issues in BIO_printf
* Wed Feb 24 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-48
- fix CVE-2016-0702 - side channel attack on modular exponentiation
# yum list-sec cves
Loaded plugins: fastestmirror, security
updateinfo list done