OpenSSL Security Advisory [26 Sep 2016]
Posted: Mon Sep 26, 2016 12:57 pm
ASL customers are not effected by these OpenSSL vulnerabilities. Please see this URL for details, or the summary below:
https://www.openssl.org/news/secadv/20160926.txt
Fix Use After Free for large message sizes (CVE-2016-6309) - This could lead to remote code execution on effected systems. ASL systems are already protected from this class of attack.
Missing CRL sanity check (CVE-2016-7052) - This could cause the application to crash, however platforms that use ASL are not using the effected version of OpenSSL.
https://www.openssl.org/news/secadv/20160926.txt
Fix Use After Free for large message sizes (CVE-2016-6309) - This could lead to remote code execution on effected systems. ASL systems are already protected from this class of attack.
Missing CRL sanity check (CVE-2016-7052) - This could cause the application to crash, however platforms that use ASL are not using the effected version of OpenSSL.