From 8abf2b0334301bcb9f92712b245ab12fd15350da Mon Sep 17 00:00:00 2001 From: Victor Hu Date: Tue, 16 Aug 2016 14:34:32 -0400 Subject: [PATCH] Provide Security Notice for Vulnerability created on 2016-08-15 --- docs/source/security/2016/20160815_openssl.rst | 18 ++++++++++++++++++ docs/source/security/2016/index.rst | 1 + 2 files changed, 19 insertions(+) create mode 100644 docs/source/security/2016/20160815_openssl.rst diff --git a/docs/source/security/2016/20160815_openssl.rst b/docs/source/security/2016/20160815_openssl.rst new file mode 100644 index 000000000..1a99c972d --- /dev/null +++ b/docs/source/security/2016/20160815_openssl.rst @@ -0,0 +1,18 @@ +2016-08-16 - OpenSSL Vulnerabilities +==================================== + +This vulnerability has no fix available at this time (other then mentioned patches below) + +Issue: https://bugzilla.redhat.com/show_bug.cgi?id=1359615 + +Patch: https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a + +Advisory CVEs +------------- + +`CVE-2016-2180 `_ - OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function. + +Action +------ + +xCAT uses OpenSSL for client-server communication but **does not** ship it. It is highly recommended to keep your OpenSSL levels up-to-date to prevent any potential security threats. diff --git a/docs/source/security/2016/index.rst b/docs/source/security/2016/index.rst index 3017c40dd..3a564ae52 100644 --- a/docs/source/security/2016/index.rst +++ b/docs/source/security/2016/index.rst @@ -8,3 +8,4 @@ 20160301_openssl.rst 20160128_openssl.rst 20160115_openssl.rst + 20160815_openssl.rst
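Review bot: the title added in docs/source/security/2016/20160815_openssl.rst reads "2016-08-16 - OpenSSL Vulnerabilities", while the file name and the commit subject both use 2016-08-15; settle on one date and use it in all three places. In the first body line, "other then mentioned patches below" should read "other than the patches mentioned below". That sentence also says both that no fix is available and that a patch exists, so reword it, for example to say that only the upstream patch linked below is available. The title says "Vulnerabilities" but only CVE-2016-2180 is listed, and that reference as shown has nothing between the link text and the closing `_`, so check that it renders as a link with a target.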
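Review bot: in docs/source/security/2016/index.rst the new entry 20160815_openssl.rst is appended after 20160115_openssl.rst, but the visible entries run newest first (20160301, 20160128, 20160115), so the most recent notice ends up last in the list. Move the new line to the position that keeps the list in descending date order.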