OpenSSL Security Advisory [26 Sep 2016]

Security annoucements of interest to the AtomiCorp community, such as vulnerabilities in third party applications.
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

OpenSSL Security Advisory [26 Sep 2016]

Unread post by mikeshinn »

ASL customers are not effected by these OpenSSL vulnerabilities. Please see this URL for details, or the summary below:

https://www.openssl.org/news/secadv/20160926.txt

Fix Use After Free for large message sizes (CVE-2016-6309) - This could lead to remote code execution on effected systems. ASL systems are already protected from this class of attack.

Missing CRL sanity check (CVE-2016-7052) - This could cause the application to crash, however platforms that use ASL are not using the effected version of OpenSSL.
Post Reply