Errata overview
Errata ID 410
Date 2016-03-30
Source package openssl
Fixed in version 0.9.8o-4.108.201603021826
Multiple vulnerabilities have been discovered in the
OpenSSL libraries:
* PKCS#7 and CMS routines: malformed X509_ATTRIBUTE structure OpenSSL will
  leak memory (CVE-2015-3195)
* A malicious client could negotiate SSLv2 ciphers that had been disabled
  on the server and complete SSLv2 handshakes even if all SSLv2 ciphers
  have been disabled (CVE-2015-3197)
* Now, when using a DHE cipher suite a new DH key will always be
  generated for each connection.
* BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
* Memory issues in BIO_*printf functions (CVE-2016-0799)
* DROWN attack (CVE-2016-0800)
Additional notes
CVE ID CVE-2015-3195
UCS Bug number #40189