Number: AV16-017
Date: 28 January 2016
Purpose
The purpose of this advisory is to bring attention to multiple security advisories released by OpenSSL.
Assessment
CCIRC is aware of five disclosed vulnerabilities in OpenSSL.
Affected versions: OpenSSL 1.0.2f and prior
CVE References: CVE-2016-0701, CVE-2015-3197
Suggested Action
CCIRC recommends that system administrators test and deploy the vendor released updates on affected platforms accordingly.
OpenSSL 1.0.2f for 1.0.2 users
OpenSSL 1.0.1r for 1.0.1 users
References:
OpenSSL Advisory: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000061.html