<= Back

AOSA-2017-0009: Update OpenSSL

Please update your openssl and openssl+32 package to version 1.0.2k.

A recently released version of OpenSSL libraries and tools has addressed the following security vulnerabilities:

  • Truncated packet could crash via OOB (out-of-bounds) read (CVE-2017-3731).
  • BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732).
  • Montgomery multiplication may produce incorrect results (CVE-2016-7055).

Relevant documentation: