openSSL security vulnerability in Filr (CVE-2016-2107)

  • 7017793
  • 30-Jun-2016
  • 22-Jul-2016


Novell Filr 2.0


The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: This vulnerability exists because of an incorrect fix for CVE-2013-0169.

Novell Filr 2.0 is affected since it uses openSSL 1.0.1g-0.35.1.


A fix for this issue is available in the Filr 2.0 Security Update 2, available via the Novell Patch Finder.


Feedback service temporarily unavailable. For content questions or problems, please contact Support.