AVG-33

Package openssl
Status Fixed
Severity Medium
Type denial of service
Affected 1.0.2.i-1
Fixed 1.0.2.j-1
Current 1.1.0.g-1 [core]
Ticket None
Created Mon Sep 26 11:19:43 2016
Issue Severity Remote Type Description
CVE-2016-7052 Medium Yes Denial of service
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL...
Date Advisory Package Description
28 Sep 2016 ASA-201609-30 openssl denial of service
References
https://www.openssl.org/news/secadv/20160926.txt
Notes
This issue only affects OpenSSL 1.0.2i.