OpenSSL CVE-2016-2107 Vulnerability
A vulnerability has been identified in OpenSSL that could exploit an intermediary attack. When a client communicates with a cryptographic module and server (AES-NI support) associated with AES_128 (256) _CBC, an attacker can decrypt data sent by the client and server through a padding oracle attack.
Any version of OpenSSL 1.0.1s or earlier
OpenSSL 1.0.2g or lower All versions
Upgrading to OpenSSL 1.0.1t
Upgrading to OpenSSL 1.0.2h
CentOS / Red Hat Enterprise
sudo yum clean all sudo yum update openssl sudo reboot
Ubuntu / Debian
sudo apt-get update sudo apt-get install openssl reboot
If the openssl update does not work, please proceed with the upgrade command.
sudo apt-get upgrade