[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2016-1940 -- Oracle openssl

ID: oval:org.secpod.oval:def:1501583Date: (C)2016-09-29   (M)2017-11-10
Class: PATCHFamily: unix




Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code. CVE-2016-2179 / CVE-2016-2181 Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS. CVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303 Shi Lei discovered an out-of-bounds memory read in TS_OBJ_print_bio and an out-of-bounds write in BN_bn2dec and MDC2_Update. CVE-2016-2183 DES-based cipher suites are demoted from the HIGH group to MEDIUM as a mitigation for the SWEET32 attack. CVE-2016-6302 Shi Lei discovered that the use of SHA512 in TLS session tickets is susceptible to denial of service. CVE-2016-6304 Shi Lei discovered that excessively large OCSP status request may result in denial of service via memory exhaustion. CVE-2016-6306 Shi Lei discovered that missing message length validation when parsing certificates may potentially result in denial of service.

Platform:
Oracle Linux 7
Product:
openssl
Reference:
ELSA-2016-1940
CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2180
CVE-2016-2181
CVE-2016-2182
CVE-2016-6302
CVE-2016-6304
CVE-2016-6306
CVE-2016-2183
CVE    10
CVE-2016-2177
CVE-2016-2180
CVE-2016-2181
CVE-2016-2182
...
CPE    50
cpe:/a:openssl:openssl
cpe:/o:oracle:linux:7
cpe:/a:hp:icewall_mcrp:3.0
cpe:/a:hp:icewall_sso:10.0::~~dfw~~~
...

© 2013 SecPod Technologies