Security update for libopenssl0_9_8
This update for libopenssl0_9_8 fixes the following issues:
- CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
- CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
- CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
- CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
- CVE-2016-0702: Side channel attack on modular exponentiation "CacheBleed" (bsc#968050)
- bsc#976943: Buffer overrun in ASN1_parse
-
Submitted by
Vítězslav Čížek (vitezslav_cizek)
Fixed bugs
bnc#977614
VUL-0: CVE-2016-2105: openssl: EVP_EncodeUpdate overflow
bnc#977615
VUL-0: CVE-2016-2106: openssl: EVP_EncryptUpdate overflow
bnc#977617
VUL-0: CVE-2016-2108: openssl: Memory corruption in the ASN.1 encoder
bnc#976942
VUL-1: CVE-2016-2109: openssl: Harden ASN.1 BIO handling of large amounts of data.
bnc#968050
VUL-1: CVE-2016-0702: openssl: Side channel attack on modular exponentiation "CacheBleed"
bnc#976943
VUL-1: openssl: Fix buffer overrun in ASN1_parse()
