AOSA-2017-0009: Update OpenSSL
February 6, 2017
Please update your openssl
and openssl+32
package to version 1.0.2k
.
A recently released version of OpenSSL libraries and tools has addressed the following security vulnerabilities:
- Truncated packet could crash via OOB (out-of-bounds) read (CVE-2017-3731).
BN_mod_exp
may produce incorrect results onx86_64
(CVE-2017-3732).- Montgomery multiplication may produce incorrect results (CVE-2016-7055).
Relevant documentation: