OpenSSL Advisory - May 2016 Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-16-026 Final 1 1 2016-09-22T00:00:00 Current version 2016-09-22T00:00:00 2016-09-22T00:00:00 OpenSSL released an update in May 2016 to address two high and four low severity vulnerabilities. OpenSSL released an update in May 2016 to address two high and four low severity vulnerabilities.CVE-2016-2108; CVE-2016-2107; CVE-2016-2105; CVE-2016-2106; CVE-2016-2109; CVE-2016-2176 Memory corruption and padding oracle FortiOS:5.4.05.2.7 and below 5.0.13 and belowFortiSwitch 3.4.1 and belowFortiAnalyzer:5.4.05.2.7 and belowFortiAP 5.4.0CVE-2016-2108:FortiOS 5.2.3 and below; 5.0.12 and belowFortiSwitch 3.3.3 and belowFortiAnalyzer 5.2.2 and belowFortiAP is not affectedShould you require further information then please contact Fortinet's Technical Assistance Center (TAC) via your usual support channel. FortiOS upgrade to: 5.4.1 and above; 5.2.8 and above; 5.0.14 and aboveFortiSwitch upgrade to: 3.4.2 and aboveFortiAnalyzer upgrade to: 5.4.1 and above; 5.2.8 and aboveFortiAP upgrade to: 5.4.1 and aboveCVE-2016-2108:FortiOS upgrade to: 5.4.0 and above; 5.2.4 and above; 5.0.13 and aboveFortiSwitch upgrade to: 3.4.0 and aboveFortiAnalyzer upgrade to: 5.4.0 and above; 5.2.3 and above https://fortiguard.fortinet.com/psirt/FG-IR-16-026 OpenSSL Advisory - May 2016 https://www.openssl.org/news/secadv/20160503.txt https://www.openssl.org/news/secadv/20160503.txt CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176 https://fortiguard.fortinet.com/psirt/FG-IR-16-026 OpenSSL Advisory - May 2016 Reference> https://www.openssl.org/news/secadv/20160503.txt https://www.openssl.org/news/secadv/20160503.txt