OpenSSL is vulnerable to padding oracle attacks. The library does not check if there is enough data in both the MAC hash and padding bytes, allowing an attacker to recover the plain text by using the server as a padding oracle. Note: This vulnerability exists because of an incorrect fix for CVE-2013-0169.
kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
rhn.redhat.com/errata/RHSA-2016-0722.html
rhn.redhat.com/errata/RHSA-2016-0996.html
rhn.redhat.com/errata/RHSA-2016-2073.html
rhn.redhat.com/errata/RHSA-2016-2957.html
source.android.com/security/bulletin/2016-07-01.html
support.citrix.com/article/CTX212736
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
www.debian.org/security/2016/dsa-3566
www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
www.securityfocus.com/bid/89760
www.securityfocus.com/bid/91787
www.securitytracker.com/id/1035721
www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
www.ubuntu.com/usn/USN-2959-1
blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
bto.bluecoat.com/security-advisory/sa123
cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
git.openssl.org/?p=openssl.git;a=commit;h=68595c0c2886e7942a14f98c17a55a88afb6c292
github.com/FredericJacobs/OpenSSL-Pod/blob/master/1.0.208/OpenSSL.podspec#L14
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
kc.mcafee.com/corporate/index?page=content&id=SB10160
security.gentoo.org/glsa/201612-16
security.netapp.com/advisory/ntap-20160504-0001/
support.apple.com/HT206903
www.exploit-db.com/exploits/39768/
www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
www.openssl.org/news/secadv/20160503.txt
www.tenable.com/security/tns-2016-18