PSIRT Advisory

OpenSSL Advisory - May 2016

Summary

OpenSSL released an update in May 2016 to address two high-severity and four low-severity vulnerabilities.

Description

OpenSSL released an update in May 2016 to address two high-severity and four low-severity vulnerabilities.

CVE-2016-2108; CVE-2016-2107; CVE-2016-2105; CVE-2016-2106; CVE-2016-2109; CVE-2016-2176

Impact

Memory corruption and padding oracle

Affected Products

FortiOS:
5.4.0
5.2.7 and below
5.0.13 and below

FortiSwitch 3.4.1 and below

FortiAnalyzer:
5.4.0
5.2.7 and below

FortiAP 5.4.0


CVE-2016-2108:
FortiOS 5.2.3 and below; 5.0.12 and below
FortiSwitch 3.3.3 and below
FortiAnalyzer 5.2.2 and below
FortiAP is not affected

If you require further information, please contact Fortinet's Technical Assistance Center (TAC) via your usual support channel.

Solutions

FortiOS upgrade to: 5.4.1 and above; 5.2.8 and above; 5.0.14 and above

FortiSwitch upgrade to: 3.4.2 and above

FortiAnalyzer upgrade to: 5.4.1 and above; 5.2.8 and above

FortiAP upgrade to: 5.4.1 and above


CVE-2016-2108:

FortiOS upgrade to: 5.4.0 and above; 5.2.4 and above; 5.0.13 and above
FortiSwitch upgrade to: 3.4.0 and above
FortiAnalyzer upgrade to: 5.4.0 and above; 5.2.3 and above