Resolution for CVE-2016-6309 and CVE-2016-7052 (OpenSSL September 26, 2016)

Solution Verified - Updated -

Issue

  • On 26 September 2016, the OpenSSL project team announced the release of OpenSSL versions 1.1.0b and 1.0.2j. These new versions of the OpenSSL toolkit fix several security issues, which the Red Hat Product Security team has rated as having Moderate/Important/Low impact.
    Which Red Hat products and distributed versions of OpenSSL are affected?
  • openssl: Use After Free for large message sizes (CVE-2016-6309)
  • openssl: Missing CRL sanity check (CVE-2016-7052)

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5
  • openssl, openssl097a, openssl098e
