AVG-143 log

Package openssl
Status Not affected
Severity High
Type denial of service
Affected 1.1.0.a-1
Fixed 1.1.0.c-1
Current 1.1.1.d-2 [core]
Ticket None
Created Sun Jan 15 21:48:03 2017
Issue Severity Remote Type Description
CVE-2016-7054 High Yes Denial of service
TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a denial of service attack via application crash by corrupting larger payloads.
CVE-2016-7053 Medium Yes Denial of service
Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in...
Notes
This issue does not affect OpenSSL versions prior to 1.1.0