Quoting form the draft of OpenSSL upstream advisory: EBCDIC overread (CVE-2016-2176) =============================== Severity: Low ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. OpenSSL 1.0.2 users should upgrade to 1.0.2h OpenSSL 1.0.1 users should upgrade to 1.0.1t This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Acknowledgments: Name: the OpenSSL project Upstream: Guido Vranken
Created attachment 1152051 [details] OpenSSL upstream fix
OpenSSL packages distributed by Red Hat do not enable EBCDIC support and are therefore unaffected by this issue.
External References: https://openssl.org/news/secadv/20160503.txt
Upstream commit: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561