Linux

The OpenSSL Padding Oracle vulnerability (CVE-2016-2107) is a memory vulnerability that allows users to run malicious code. It is really simple to update Ubuntu to fix this issue.

Option 1

apt-get install --only-upgrade libssl1.0.0
root@localhost:~# apt-get install --only-upgrade libssl1.0.0
Reading package lists... Done
Building dependency tree       
Reading state information... Done
libssl1.0.0 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.

This will magically be fixed!

Option 2

You will just need to update your Ubuntu by way of

apt-get update -y && apt-get upgrade -y
Ign http://mirrors.linode.com trusty InRelease
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]     
Get:2 http://mirrors.linode.com trusty-updates InRelease [65.9 kB]             
Get:3 http://mirrors.linode.com trusty-backports InRelease [65.9 kB]
...
Removing debian:spi-cacert-2008.pem
Removing debian:SG_TRUST_SERVICES_RACINE.pem
done.
done.
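
Upgrading libssl1.0.0 replaces the library on disk, but daemons that were already running keep the old copy mapped until they are restarted. The script below is an added example, not part of the original post: it lists such processes by looking for deleted libssl/libcrypto mappings under /proc. The function name stale_ssl_pids and the PROC_ROOT variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: find processes still using a replaced libssl/libcrypto.
# When apt upgrades the package, the old .so file is unlinked; a process
# that loaded it earlier shows the mapping with a " (deleted)" suffix in
# /proc/PID/maps and stays on the old code until it is restarted.

# stale_ssl_pids [PROC_ROOT]
# Prints "PID NAME" for every process whose maps contain a deleted
# libssl or libcrypto mapping. PROC_ROOT defaults to /proc; it is a
# parameter so the function can be pointed at a constructed directory.
# The body runs in a subshell so its variables stay local.
stale_ssl_pids() (
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        # Skip entries we cannot read (other users' processes, races).
        [ -r "$dir/maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' \
                "$dir/maps" 2>/dev/null; then
            pid="${dir##*/}"
            name="unknown"
            if [ -r "$dir/comm" ]; then
                read -r name < "$dir/comm" || true
            fi
            printf '%s %s\n' "$pid" "$name"
        fi
    done
)

# Scan the live system. Run as root to see every process; each line
# printed is a service to restart so it loads the upgraded library.
stale_ssl_pids "${PROC_ROOT:-/proc}"
```

No output means no readable process still maps the old library. Restart anything that is listed, then re-run the script.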

Check your website through SSL Labs and you will notice a nice A+ instead of an automatic F.

[Image: SSL Labs report, CVE-2016-2107]

[Image: SSL Labs report, CVE-2016-2107 fixed]