[openssl-users] CVE-2016-2108 and openssl 0.9.8zf

Marcus Meissner meissner at suse.de
Thu Aug 25 10:34:25 UTC 2016


Hi,

to my knowledge older versions are also affected.

Ciao, Marcus
On Thu, Aug 25, 2016 at 03:10:19AM +0000, Zhang, Lily (USD) wrote:
> Hi
> 
> From the openssl website, it mentioned that CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> affected version of Openssl prior to April 2015.
> We used openssl 0.98zf in our old product which was released several years ago.
> 
> Do you know if CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> affected version 0.9.8zf?  We want to get this info to plan our work.
> 
> Thanks
> Lily
> 
> CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> (OpenSSL advisory) <https://www.openssl.org/news/secadv/20160503.txt> [High severity] 3rd May 2016: [https://www.openssl.org/img/up.gif] <https://www.openssl.org/news/vulnerabilities.html#toc>
> This issue affected versions of OpenSSL prior to April 2015.
> 
> CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> (OpenSSL advisory) <https://www.openssl.org/news/secadv/20160503.txt> [High severity] 3rd May 2016: [https://www.openssl.org/img/up.gif] <https://www.openssl.org/news/vulnerabilities.html#toc>
> *         Fixed in OpenSSL 1.0.1o (Affected 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
> *         Fixed in OpenSSL 1.0.2c (Affected 1.0.2b, 1.0.2a, 1.0.2)
> 
> 



> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


-- 
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner at suse.de>


More information about the openssl-users mailing list