Fixing OpenSSL Padding Oracle vulnerability (CVE-2016-2107)

This works well on my Ubuntu 14.04

# Based on
$ sudo apt-get update
$sudo apt-get install –only-upgrade libssl1.0.0 openssl
#check if it patches successfully.

$ zgrep -ie “(CVE-2016-2108|CVE-2016-2107)” /usr/share/doc/libssl1.0.0/changelog.Debian.gz

Output should be like this:
– debian/patches/CVE-2016-2107.patch: check that there are enough
– CVE-2016-2107
– debian/patches/CVE-2016-2108-1.patch: don’t mishandle zero if it is
– debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in
– CVE-2016-2108

$ sudo apt-get dist-upgrade

$ wget
$ tar -xvzf openssl-1.0.2h.tar.gz
$ cd openssl-1.0.2h
$ ./config –prefix=/usr/
$ make depend
$ sudo make install
$ openssl version
# OpenSSL 1.0.2h 3 May 2016

# now restart your nginx or other server
$ sudo service nginx restart

# check your website here

Leave a Reply

Your email address will not be published. Required fields are marked *