https://www.elastic.co/blog/kibana-4-5-1-and-4-1-7 https://github.com/gentoo/gentoo/pull/1491
CVE-2016-2107 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107): The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session, NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
Packages were bumped and vulnerable removed: commit 5e3ccc903f68180c057cfc10ba8b7ace13f083d6 Author: Tomas Mozes <hydrapolic@gmail.com> Date: Thu May 19 15:42:23 2016 +0200 www-apps/kibana-bin: bump to 4.1.7/4.5.1, drop old Package-Manager: portage-2.3.0_rc1 Closes: https://github.com/gentoo/gentoo/pull/1491 Signed-off-by: Ian Delaney <idella4@gentoo.org>