[openssl-users] CVE-2016-2108 and openssl 0.9.8zf
Zhang, Lily (USD)
lily.zhang at emc.com
Fri Aug 26 02:16:47 UTC 2016
Thanks Marcus!
Lily
-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Marcus Meissner
Sent: Thursday, August 25, 2016 6:34 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] CVE-2016-2108 and openssl 0.9.8zf
Hi,
to my knowledge older versions are also affected.
Ciao, Marcus
On Thu, Aug 25, 2016 at 03:10:19AM +0000, Zhang, Lily (USD) wrote:
> Hi
>
> From the openssl website, it mentioned that CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> affected version of Openssl prior to April 2015.
> We used openssl 0.98zf in our old product which was released several years ago.
>
> Do you know if CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> affected version 0.9.8zf? We want to get this info to plan our work.
>
> Thanks
> Lily
>
> CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> (OpenSSL advisory) <https://www.openssl.org/news/secadv/20160503.txt> [High severity] 3rd May 2016: [https://www.openssl.org/img/up.gif] <https://www.openssl.org/news/vulnerabilities.html#toc>
> This issue affected versions of OpenSSL prior to April 2015.
>
> CVE-2016-2108<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108> (OpenSSL advisory) <https://www.openssl.org/news/secadv/20160503.txt> [High severity] 3rd May 2016: [https://www.openssl.org/img/up.gif] <https://www.openssl.org/news/vulnerabilities.html#toc>
> * Fixed in OpenSSL 1.0.1o (Affected 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
> * Fixed in OpenSSL 1.0.2c (Affected 1.0.2b, 1.0.2a, 1.0.2)
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
--
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner at suse.de>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users
mailing list