New openssl packages fix several vulnerabilities

The following OpenSSL vulnerabilities have been addressed with new packages:

  • CVE-2016-2108
  • CVE-2016-2106
  • CVE-2016-2109
  • CVE-2016-2105
  • CVE-2016-2107
  • CVE-2016-2176
  • CVE-2016-0800
  • CVE-2016-0799
  • CVE-2016-0798
  • CVE-2016-0797
  • CVE-2016-0705
  • CVE-2016-0703
  • CVE-2016-0702

The package that fixes these vulnerabilities is: openssl-1.0.1e-48.el6_8.1

Fix

Solution:

Upgrade with the openssl-1.0.1e-48.el6_8.1.x86_64.rpm package from the viapps repo.
Upgrade with the openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm package from the viapps repo.

Signatures

a7a67c0c2c682b19a60d2cfe53e20521  openssl-1.0.1e-48.el6_8.1.x86_64.rpm
371aa128cf4b5bfc32f6eaf56f08fabf  openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm

How to apply:

  1. Copy the downloaded RPMs to cmi:/var/www/repo/x86_64
  2. Update the CMI repo:
    [root@cmi ~]# createrepo --update /var/www/repo/x86_64
    
  3. Update the DNS/DHCP/NTP node, either:
    1. From the CMI front end -> Appliances -> Setup -> Minor packages Upgrade
    2. Or manually:
      [root@fw1 ~]# yum clean all && yum install openssl
      [...]
      
      Complete!
      
      [root@fw1 ~]# rpm -q openssl
      openssl-1.0.1e-48.el6_8.1.x86_64
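
A pre-check for step 1, as an added example that is not part of the original advisory: it verifies the downloaded RPMs against the digests listed under Signatures and copies them into the repo directory only if every file matches. It assumes the 32-hex-digit values are MD5 digests; the function names and the download directory are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): verify the downloaded RPMs against the
# published digests, and copy them into the repo directory only if all match.
# Assumption: the 32-hex-digit "Signatures" values are MD5 digests.

# md5sum-style manifest; digests and file names copied from the advisory.
ADVISORY_MANIFEST='a7a67c0c2c682b19a60d2cfe53e20521  openssl-1.0.1e-48.el6_8.1.x86_64.rpm
371aa128cf4b5bfc32f6eaf56f08fabf  openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm'

# verify_rpms DIR [MANIFEST]: returns 0 only if every listed file exists and matches.
verify_rpms() {
    vr_dir=$1
    vr_manifest=${2:-$ADVISORY_MANIFEST}
    vr_rc=0
    while read -r vr_want vr_name; do
        [ -n "$vr_want" ] || continue
        if [ ! -f "$vr_dir/$vr_name" ]; then
            echo "MISSING  $vr_name" >&2
            vr_rc=1
            continue
        fi
        vr_got=$(md5sum "$vr_dir/$vr_name" | cut -d' ' -f1)
        if [ "$vr_got" = "$vr_want" ]; then
            echo "OK       $vr_name"
        else
            echo "MISMATCH $vr_name (expected $vr_want, got $vr_got)" >&2
            vr_rc=1
        fi
    done <<EOF
$vr_manifest
EOF
    return $vr_rc
}

# stage_verified_rpms SRC DEST [MANIFEST]: all-or-nothing copy into DEST.
stage_verified_rpms() {
    sv_src=$1
    sv_dest=$2
    sv_manifest=${3:-$ADVISORY_MANIFEST}
    # Refuse to copy anything if any file is missing or does not match.
    verify_rpms "$sv_src" "$sv_manifest" || return 1
    while read -r sv_skip sv_name; do
        [ -n "$sv_name" ] || continue
        cp -p "$sv_src/$sv_name" "$sv_dest/" || return 1
    done <<EOF
$sv_manifest
EOF
}
```

On the CMI host, `stage_verified_rpms <download-dir> /var/www/repo/x86_64` replaces the plain copy in step 1; run `createrepo --update` only after it returns 0.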
      

More information at: https://rhn.redhat.com/errata/RHSA-2016-0996.html