Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

OpenSSL Advisory – Multiple Vulnerabilities

Number: AV16-071
Date: 3 May 2016

Purpose

The purpose of this advisory is to bring attention to multiple security updates released by OpenSSL.

Assessment

CCIRC is aware of six (2 high and 4 low) disclosed vulnerabilities in OpenSSL for which updates are available.

Affected Versions: 1.0.1 and 1.0.2

CVE References: CVE-2016-2176, CVE-2016-2109, CVE-2016-2108, CVE-2016-2107, CVE-2016-2106, CVE-2016-2105

Suggested action

CCIRC recommends that system administrators test and deploy the vendor released updates on affected platforms accordingly.

OpenSSL 1.0.1 users should upgrade to 1.0.1t.
OpenSSL 1.0.2 users should upgrade to 1.0.2h.

References

OpenSSL Advisory: https://www.openssl.org/news/secadv/20160503.txt

Date modified: