OpenSSL Advisory – Multiple Vulnerabilities

Number: AV16-149
Date: 22 September 2016

Purpose

The purpose of this advisory is to bring attention to multiple security updates released by OpenSSL.

Assessment

CCIRC is aware of fourteen (1 high, 1 moderate and 12 low) disclosed vulnerabilities in OpenSSL for which updates are available.

Affected Versions: 1.1.0, 1.0.1 and 1.0.2

CVE References: CVE-2016-6304, CVE-2016-6305, CVE-2016-2183, CVE-2016-6303, CVE-2016-6302, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates on affected platforms accordingly:
OpenSSL 1.1.0 users should upgrade to 1.1.0a.
OpenSSL 1.0.2 users should upgrade to 1.0.2i.
OpenSSL 1.0.1 users should upgrade to 1.0.1u.

References

OpenSSL Advisory - https://www.openssl.org/news/secadv/20160922.txt
