Emilia Käsper

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is related to the lack of protection for internal data in the Tcl component of the operating system. It can be exploited by a remote attacker to obtain sensitive information by leveraging SSLv2 support. **Recommendations** For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue. As a temporary workaround, consider disabling SSLv2 support to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 0.9.8zf OpenSSL versions prior to 1.0.0r OpenSSL versions prior to 1.0.1m OpenSSL versions prior to 1.0.2a **Description** The issue affects the OpenSSL package, which is used in various operating systems, including Red Hat Enterprise Linux. Exploitation of the vulnerabilities can lead to a violation of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely. The ASN1 item ex d2i function in crypto/asn1/tasn dec.c does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse. **Recommendations** For OpenSSL versions prior to 0.9.8zf, update to version 0.9.8zf or later. For OpenSSL versions prior to 1.0.0r, update to version 1.0.0r or later. For OpenSSL versions prior to 1.0.1m, update to version 1.0.1m or later. For OpenSSL versions prior to 1.0.2a, update to version 1.0.2a or later.