Advisory Notice - OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

On September 22, 2016, OpenSSL 1.0.2i and 1.0.1u were released to address the following High Severity CVE:

OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

On September 26, 2016, OpenSSL 1.0.2j was released to correct a crash with a null pointer exception when attempting to use CRLs in OpenSSL 1.0.2i. OpenSSL 1.0.2i users should upgrade to 1.0.2j.

SafeLogic plans to make updated builds (for OpenSSL 1.0.2j + CryptoComply) available to our deployed customers within three days of the release of this new version. (Note: the updates to OpenSSL 1.0.2i and 1.0.2j are outside of SafeLogic’s CryptoComply modules -- all FIPS 140-2 certificates will continue to be valid at the current software versions.)

Once available, at the close of business on Wednesday, September 28, 2016, the updated binaries may be downloaded through the KNOWLEDGE BASE tab on SafeLogic's Support Portal.

For more info on the updates from OpenSSL, select the following links:

OpenSSL Security Advisory [22 Sep 2016] - 1.0.2i and 1.0.1u

OpenSSL Security Advisory [26 Sep 2016] - 1.0.2j 

 
