2016-08-16 - OpenSSL Vulnerabilities

This vulnerability has no fix available at this time (other then mentioned patches below)

Issue: https://bugzilla.redhat.com/show_bug.cgi?id=1359615

Patch: https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a

Advisory CVEs

CVE-2016-2180 - OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function.

Action

xCAT uses OpenSSL for client-server communication but does not ship it. It is highly recommended to keep your OpenSSL levels up-to-date to prevent any potential security threats.