With the last Core Update being released only yesterday, we went back to the lab and baked you a new one with the latest OpenSSL security fixes from today.

OpenSSL Security Fixes

The OpenSSL team published fixes for several security issues today:

  • Memory corruption in the ASN.1 encoder (CVE-2016-2108)
  • Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
  • EVP_EncodeUpdate overflow (CVE-2016-2105)
  • EVP_EncryptUpdate overflow (CVE-2016-2106)
  • ASN.1 BIO excessive memory allocation (CVE-2016-2109)
  • EBCDIC overread (CVE-2016-2176)

This Core Update brings you OpenSSL 1.0.2h which fixes all of these above. Additionally OpenSSH is updated to version 7.2p2 and will be restarted during the update.

We would like to encourage as many people as possible to help us test this release!