—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512
Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
Advisory ID: cisco-sa-20160504-openssl
Revision 1.0
For Public Release 2016 May 04 19:30 GMT (UTC)
+———————————————————————
Summary
=======
On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Out of the six vulnerabilities disclosed, four of them may cause a memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding.
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
—–BEGIN PGP SIGNATURE—–
Version: GnuPG/MacGPG2 v2
Comment: GPGTools – https://gpgtools.org
iQIcBAEBCgAGBQJXKlTFAAoJEK89gD3EAJB5gbgP/i8P9n6GNTj8WmRkfx9Iu54o
LTNnlJ1gaOTxl4CWeeBAXre6LIJ0l2oMarScMchbI5uje7oxdR7r1jq1a+Fd3Xa9
r4YWfoWzfkO/77ULtxr2vHzvLCDHxpU2Q92heDCMU0ZdSvTguTQ65vxPeVuNpqnp
mI9IKs86Sm9WlY1fm1goAkIr8ES4+vC2MMPXc2xt77Zq8QnLXVgRxapgXBdmQuOS
ihwiTPNtnU8Is+X9wvZoalBPqYBoZr6nYTzTTmEr6RkhMugq5klHxUs1CMEdkDlJ
7m3eVle45BJMJCR3DXY9Hu+zzWHh55K6XVFBYL03TfaVPx1P7IxJdhZJXFYe6wP6
ySY+uYfIfuVH3KLyL/xBy1v3rotIKJtpp4/RSYRVk99zQvs7Up1dHfNkcEHNPOH2
YzSoIW+h/ykSDowLHLgx0NnHEHSOViTKySzZBsRsXXRNumHv6rXl3kfvT2ZHbAin
d6SZ4ONMxNZmeF+0etG0HWPLA1bO8FXsv6Qi9AKrm4ldIWE4mKw+a5PNPFkmL9z+
Pkj5nmaye2y21hWf8AZV1ThUvYp/xZO9vEsked8r4qrHznUwWZsqPv1raPGTAIBp
G50FxE1Z6Fxr4CuxH5nHpyzhF+ZANl/JeCOzQc9j8VzqW3nD5PzqLZQL9KGYUNq0
OfdMkykaRaf0jwlAvCTF
=xju6
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com