[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016

Wed May 4 16:33:07 EDT 2016

On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Out of the six vulnerabilities disclosed, four of them may cause a memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding.

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJXKlTFAAoJEK89gD3EAJB5gbgP/i8P9n6GNTj8WmRkfx9Iu54o
LTNnlJ1gaOTxl4CWeeBAXre6LIJ0l2oMarScMchbI5uje7oxdR7r1jq1a+Fd3Xa9
r4YWfoWzfkO/77ULtxr2vHzvLCDHxpU2Q92heDCMU0ZdSvTguTQ65vxPeVuNpqnp
mI9IKs86Sm9WlY1fm1goAkIr8ES4+vC2MMPXc2xt77Zq8QnLXVgRxapgXBdmQuOS
ihwiTPNtnU8Is+X9wvZoalBPqYBoZr6nYTzTTmEr6RkhMugq5klHxUs1CMEdkDlJ
7m3eVle45BJMJCR3DXY9Hu+zzWHh55K6XVFBYL03TfaVPx1P7IxJdhZJXFYe6wP6
ySY+uYfIfuVH3KLyL/xBy1v3rotIKJtpp4/RSYRVk99zQvs7Up1dHfNkcEHNPOH2
YzSoIW+h/ykSDowLHLgx0NnHEHSOViTKySzZBsRsXXRNumHv6rXl3kfvT2ZHbAin
d6SZ4ONMxNZmeF+0etG0HWPLA1bO8FXsv6Qi9AKrm4ldIWE4mKw+a5PNPFkmL9z+
Pkj5nmaye2y21hWf8AZV1ThUvYp/xZO9vEsked8r4qrHznUwWZsqPv1raPGTAIBp
G50FxE1Z6Fxr4CuxH5nHpyzhF+ZANl/JeCOzQc9j8VzqW3nD5PzqLZQL9KGYUNq0
OfdMkykaRaf0jwlAvCTF
=xju6
-----END PGP SIGNATURE-----