Fix OpenSSL CVE-2016-2107 Vulnerability

OpenSSL CVE-2016-2107 Vulnerability

A vulnerability has been identified in OpenSSL that a man-in-the-middle attacker can exploit. When a client and a server that supports AES-NI communicate using an AES_128_CBC or AES_256_CBC cipher, the attacker can decrypt the data they exchange through a padding oracle attack.

https://www.openssl.org/news/secadv/20160503.txt

Affected Versions

OpenSSL 1.0.1s and all earlier versions

OpenSSL 1.0.2g and all earlier versions

Patch method

Upgrading to OpenSSL 1.0.1t

Upgrading to OpenSSL 1.0.2h

CentOS / Red Hat Enterprise

sudo yum clean all
sudo yum update openssl
sudo reboot

Ubuntu / Debian

sudo apt-get update
sudo apt-get install openssl
sudo reboot

If updating the openssl package alone does not work, run the full upgrade command instead.

sudo apt-get upgrade 
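
To check which side of the version boundary a host is on before and after the update, here is a shell script added as an example (it is not part of the original post, and its function names are its own). It assumes only the 1.0.1 and 1.0.2 branches named above need classifying and reports every other branch as not-listed.

```shell
#!/bin/sh
# Added example: compare an upstream OpenSSL version with the ranges listed
# on this page (1.0.1 through 1.0.1s and 1.0.2 through 1.0.2g are affected).

# Extract the version field from an `openssl version` banner line.
version_from_banner() {
    set -- $1
    printf '%s\n' "$2"
}

# Print "affected", "fixed" or "not-listed" for a version such as 1.0.1e-fips.
classify_openssl() {
    case $1 in
        1.0.1*) branch=1.0.1 last_bad=s ;;
        1.0.2*) branch=1.0.2 last_bad=g ;;
        *) echo not-listed; return 0 ;;
    esac
    letters=${1#"$branch"}      # e.g. "e-fips", "t", "" for the base release
    letters=${letters%%-*}      # drop build tags such as -fips or -beta1
    case $letters in
        *[!a-z]*) echo not-listed ;;   # not a patch-letter suffix
        "") echo affected ;;           # base release predates every letter
        ?)  bad=abcdefghijklmnopqrstuvwxyz
            bad=${bad%%"$last_bad"*}$last_bad   # a..last_bad inclusive
            case $bad in
                *"$letters"*) echo affected ;;
                *) echo fixed ;;
            esac ;;
        *)  echo fixed ;;              # two-letter suffixes come after z
    esac
}

# Check the local binary when one is installed.
if command -v openssl >/dev/null 2>&1; then
    v=$(version_from_banner "$(openssl version)")
    echo "openssl $v: $(classify_openssl "$v")"
    # Distribution packages may backport the fix and keep the old letter;
    # confirm there with the package changelog, e.g.
    #   rpm -q --changelog openssl | grep CVE-2016-2107
fi
```

Run it once before the update and again after the reboot. On CentOS / Red Hat and Ubuntu / Debian an "affected" result after updating is a prompt to check the package changelog, not proof that the fix is missing.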