[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
Date: Wed, 4 May 2016 13:33:07 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco 
Products: May 2016 

Advisory ID: cisco-sa-20160504-openssl

Revision 1.0

For Public Release 2016 May 04 19:30  GMT (UTC)

+---------------------------------------------------------------------

Summary
=======

On May 3, 2016, the OpenSSL Software Foundation released a security advisory 
that included six vulnerabilities. Out of the six vulnerabilities disclosed, 
four of them may cause a memory corruption or excessive memory usage, one could 
allow a padding oracle attack to decrypt traffic when the connection uses an 
AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to 
a product performing an operation with Extended Binary Coded Decimal 
Interchange Code (EBCDIC) encoding.

Multiple Cisco products incorporate a version of the OpenSSL package affected 
by one or more vulnerabilities.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXKlTFAAoJEK89gD3EAJB5gbgP/i8P9n6GNTj8WmRkfx9Iu54o
LTNnlJ1gaOTxl4CWeeBAXre6LIJ0l2oMarScMchbI5uje7oxdR7r1jq1a+Fd3Xa9
r4YWfoWzfkO/77ULtxr2vHzvLCDHxpU2Q92heDCMU0ZdSvTguTQ65vxPeVuNpqnp
mI9IKs86Sm9WlY1fm1goAkIr8ES4+vC2MMPXc2xt77Zq8QnLXVgRxapgXBdmQuOS
ihwiTPNtnU8Is+X9wvZoalBPqYBoZr6nYTzTTmEr6RkhMugq5klHxUs1CMEdkDlJ
7m3eVle45BJMJCR3DXY9Hu+zzWHh55K6XVFBYL03TfaVPx1P7IxJdhZJXFYe6wP6
ySY+uYfIfuVH3KLyL/xBy1v3rotIKJtpp4/RSYRVk99zQvs7Up1dHfNkcEHNPOH2
YzSoIW+h/ykSDowLHLgx0NnHEHSOViTKySzZBsRsXXRNumHv6rXl3kfvT2ZHbAin
d6SZ4ONMxNZmeF+0etG0HWPLA1bO8FXsv6Qi9AKrm4ldIWE4mKw+a5PNPFkmL9z+
Pkj5nmaye2y21hWf8AZV1ThUvYp/xZO9vEsked8r4qrHznUwWZsqPv1raPGTAIBp
G50FxE1Z6Fxr4CuxH5nHpyzhF+ZANl/JeCOzQc9j8VzqW3nD5PzqLZQL9KGYUNq0
OfdMkykaRaf0jwlAvCTF
=xju6
-----END PGP SIGNATURE-----

Prev by Date: ESA-2016-051: Patch 14 for RSA® Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities
Next by Date: FreeBSD Security Advisory FreeBSD-SA-16:17.openssl
Previous by thread: ESA-2016-051: Patch 14 for RSA® Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities
Next by thread: FreeBSD Security Advisory FreeBSD-SA-16:17.openssl
Index(es):
- Date
- Thread