AVG-143 log
| Package | openssl |
| Status | Not affected |
| Severity | High |
| Type | denial of service |
| Affected | 1.1.0.a-1 |
| Fixed | 1.1.0.c-1 |
| Current | 3.4.0-1 [core] |
| Ticket | None |
| Created | Sun Jan 15 21:48:03 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-7054 | High | Yes | Denial of service | TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a denial of service attack via application crash by corrupting larger payloads. |
| CVE-2016-7053 | Medium | Yes | Denial of service | Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in... |
| Notes |
|---|
This issue does not affect OpenSSL versions prior to 1.1.0 |