Synopsis:          Moderate: openssl security update
Advisory ID:       SLSA-2017:0286-1
Issue Date:        2017-02-20
CVE Numbers:       CVE-2016-8610
                   CVE-2017-3731
--

Security Fix(es):

* An integer underflow leading to an out-of-bounds read flaw was found in
OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit
TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher
suite. (CVE-2017-3731)

* A denial of service flaw was found in the way the TLS/SSL protocol
defined processing of ALERT packets during a connection handshake. A
remote attacker could use this flaw to make a TLS/SSL server consume an
excessive amount of CPU and fail to accept connections from other clients.
(CVE-2016-8610)
--

SL6
  x86_64
    openssl-1.0.1e-48.el6_8.4.i686.rpm
    openssl-1.0.1e-48.el6_8.4.x86_64.rpm
    openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm
    openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm
    openssl-devel-1.0.1e-48.el6_8.4.i686.rpm
    openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm
    openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm
    openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm
  i386
    openssl-1.0.1e-48.el6_8.4.i686.rpm
    openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm
    openssl-devel-1.0.1e-48.el6_8.4.i686.rpm
    openssl-perl-1.0.1e-48.el6_8.4.i686.rpm
    openssl-static-1.0.1e-48.el6_8.4.i686.rpm
SL7
  x86_64
    openssl-1.0.1e-60.el7_3.1.x86_64.rpm
    openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm
    openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm
    openssl-libs-1.0.1e-60.el7_3.1.i686.rpm
    openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm
    openssl-devel-1.0.1e-60.el7_3.1.i686.rpm
    openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm
    openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm
    openssl-static-1.0.1e-60.el7_3.1.i686.rpm
    openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm

- Scientific Linux Development Team
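
A host-side check against the fixed builds listed above, as an added example that is not part of the original advisory: it decides whether an installed openssl version and release are at or above the fix for SL6 or SL7. The function names are hypothetical, and the comparison is a simplified form of RPM version ordering that assumes equal epochs and no '~' or '^' in the strings.

```python
import re

# Fixed (version, release) per distribution, taken from the advisory's package list.
FIXED = {
    "el6": ("1.0.1e", "48.el6_8.4"),
    "el7": ("1.0.1e", "60.el7_3.1"),
}

def rpmvercmp(a, b):
    """Simplified RPM ordering: -1, 0 or 1. No epoch, '~' or '^' handling."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd != yd:                 # a numeric segment is newer than an alphabetic one
            return 1 if xd else -1
        if xd:                       # numeric segments compare as integers
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version, release):
    """True if an installed openssl build is at or above the advisory's fix."""
    m = re.search(r"\.(el[67])(?![0-9])", release)
    if m is None:
        raise ValueError("not an SL6/SL7 release string: %r" % release)
    fixed_version, fixed_release = FIXED[m.group(1)]
    c = rpmvercmp(version, fixed_version)
    return c > 0 or (c == 0 and rpmvercmp(release, fixed_release) >= 0)

if __name__ == "__main__":
    # Constructed sample values, in the form printed by:
    #   rpm -q --qf '%{VERSION} %{RELEASE}\n' openssl
    for line in ["1.0.1e 48.el6_8.3", "1.0.1e 48.el6_8.4",
                 "1.0.1e 60.el7", "1.0.1e 60.el7_3.1"]:
        version, release = line.split()
        state = "patched" if is_patched(version, release) else "NEEDS UPDATE"
        print("openssl-%s-%s: %s" % (version, release, state))
```

Long-running services keep the old library mapped until they are restarted, so a passing package check does not by itself mean every process is running the fixed code.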