OpenSSL CVE-2016-2107 Vulnerability

A vulnerability has been identified in OpenSSL that can be exploited through a man-in-the-middle attack. When a client communicates over an AES_128_CBC or AES_256_CBC cipher with a server that supports AES-NI, an attacker can decrypt data sent by the client and server through a padding oracle attack.

Affected Versions

Any version of OpenSSL 1.0.1s or earlier

Any version of OpenSSL 1.0.2g or earlier

Patch method

Upgrading to OpenSSL 1.0.1t

Upgrading to OpenSSL 1.0.2h

CentOS / Red Hat Enterprise

sudo yum clean all
sudo yum update openssl
sudo reboot

Ubuntu / Debian

sudo apt-get update
sudo apt-get install openssl

If installing the openssl package does not update it, run the upgrade command instead.

sudo apt-get upgrade 
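
To confirm the result after patching, the following added example (not part of the original page) classifies an OpenSSL version string against the affected ranges listed above and, because distribution packages backport fixes without changing the upstream version string, also looks for the CVE in the package changelog. The function names are hypothetical; the script assumes only the 1.0.1 and 1.0.2 branches are in scope and that the packager's changelog names the CVE.

```shell
#!/bin/sh
# Added example (not from the original page): check an OpenSSL version string
# against the affected ranges listed above. Function names are hypothetical.

# Print "affected", "fixed" or "unlisted" for an upstream version such as
# 1.0.1s or 1.0.2h-fips. Runs in a subshell so LC_ALL=C stays local.
classify_openssl_version() (
    LC_ALL=C
    case "$1" in
        1.0.1*) rest=${1#1.0.1}; affected='[a-s]' ;;   # fixed in 1.0.1t
        1.0.2*) rest=${1#1.0.2}; affected='[a-g]' ;;   # fixed in 1.0.2h
        *) echo unlisted; exit 0 ;;                    # branch not named on the page
    esac
    letters=${rest%%[!a-z]*}        # keep the patch letter, drop "-fips" etc.
    case "$letters" in
        '' | $affected) echo affected ;;   # base release or a listed letter
        *) echo fixed ;;
    esac
)

# Distribution packages backport fixes without changing the upstream version
# string, so look for the CVE in the package changelog.
# Assumption: the packager's changelog names the CVE.
package_changelog_has_fix() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog openssl 2>/dev/null | grep -q 'CVE-2016-2107'
    elif [ -r /usr/share/doc/openssl/changelog.Debian.gz ]; then
        zgrep -q 'CVE-2016-2107' /usr/share/doc/openssl/changelog.Debian.gz
    else
        return 1
    fi
}

# Report on the locally installed binary.
report_local_openssl() {
    v=$(openssl version | awk '{print $2}')
    state=$(classify_openssl_version "$v")
    if [ "$state" = affected ] && package_changelog_has_fix; then
        state='affected by version string, but package changelog lists the fix'
    fi
    echo "OpenSSL $v: $state"
}

if command -v openssl >/dev/null 2>&1; then
    report_local_openssl
fi
```

Services that were already running keep the old library loaded until they are restarted, which is why the CentOS steps above end with a reboot.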
