[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
OpenSSL CVE-2016-2177, CVE-2016-2178
From: |
Leo Famulari |
Subject: |
OpenSSL CVE-2016-2177, CVE-2016-2178 |
Date: |
Sat, 11 Jun 2016 21:22:01 -0400 |
User-agent: |
Mutt/1.6.0 (2016-04-01) |
Some bugs in OpenSSL were recently disclosed.
CVE-2016-2177
http://seclists.org/oss-sec/2016/q2/500
CVE-2016-2178
http://seclists.org/oss-sec/2016/q2/493
The second bug can apparently be used by an attacker to recover DSA
keys. And remember that OpenSSH uses OpenSSL, so it is affected too.
Should we try cherry-picking the upstream commits from the OpenSSL
development repo?
- OpenSSL CVE-2016-2177, CVE-2016-2178,
Leo Famulari <=