Quoting from the draft of OpenSSL upstream advisory:
EBCDIC overread (CVE-2016-2176)
ASN1 Strings that are over 1024 bytes can cause an overread in applications
using the X509_NAME_oneline() function on EBCDIC systems. This could result in
arbitrary stack data being returned in the buffer.
OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The
fix was developed by Matt Caswell of the OpenSSL development team.
Name: the OpenSSL project
Upstream: Guido Vranken
Created attachment 1152051
OpenSSL upstream fix
OpenSSL packages distributed by Red Hat do not enable EBCDIC support and are therefore unaffected by this issue.