Resolution for CVE-2016-6309 and CVE-2016-7052 (OpenSSL September 26, 2016)
Issue
- On 26 September 2016, the OpenSSL project team announced the release of OpenSSL versions 1.1.0b, 1.0.2j. These new versions of the OpenSSL toolkit fix several security issues, which have been rated by the Red Hat Product Security team as having a Moderate/Important/Low impact.
What Red Hat products and distributed versions of OpenSSL are affected? - openssl: Use After Free for large message sizes (CVE-2016-6309)
- openssl: Missing CRL sanity check (CVE-2016-7052)
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 5
- openssl, openssl097a, openssl098e
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
