[El-errata] New openssl updates available via Ksplice (ELSA-2016-0008)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Jan 8 05:42:53 PST 2016


Synopsis: ELSA-2016-0008 can now be patched using Ksplice
CVEs: CVE-2015-7575

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2016-0008.

INSTALLING THE UPDATES

We recommend that all users of Ksplice on OL 7 install these updates.

You can install these updates by running:

# ksplice -y user upgrade


DESCRIPTION

* CVE-2015-7575: Server authentication bypass in TLS 1.2 (SLOTH).

A flaw in TLS1.2 could allow an attacker to downgrade the signature hash
to the insecure MD5 hash algorithm, potentially allowing a
man-in-the-middle attack by taking advantage of hash collisions in MD5.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.





More information about the El-errata mailing list