[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108566

 
 

909

 
 

85401

 
 

134

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3673-1 openssl -- openssl

ID: oval:org.secpod.oval:def:602621Date: (C)2016-09-23   (M)2018-05-30
Class: PATCHFamily: unix




Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code. CVE-2016-2179 / CVE-2016-2181 Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS. CVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303 Shi Lei discovered an out-of-bounds memory read in TS_OBJ_print_bio and an out-of-bounds write in BN_bn2dec and MDC2_Update. CVE-2016-2183 DES-based cipher suites are demoted from the HIGH group to MEDIUM as a mitigation for the SWEET32 attack. CVE-2016-6302 Shi Lei discovered that the use of SHA512 in TLS session tickets is susceptible to denial of service. CVE-2016-6304 Shi Lei discovered that excessively large OCSP status request may result in denial of service via memory exhaustion. CVE-2016-6306 Shi Lei discovered that missing message length validation when parsing certificates may potentially result in denial of service.

Platform:
Debian 8.x
Product:
openssl
Reference:
DSA-3673-1
CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2180
CVE-2016-2181
CVE-2016-2182
CVE-2016-2183
CVE-2016-6302
CVE-2016-6303
CVE-2016-6304
CVE-2016-6306
CVE    11
CVE-2016-2180
CVE-2016-2181
CVE-2016-6303
CVE-2016-6302
...
CPE    56
cpe:/a:openssl:openssl:1.0.1i
cpe:/a:openssl:openssl:1.0.1h
cpe:/a:openssl:openssl:1.0.1k
cpe:/a:openssl:openssl:1.0.1j
...

© SecPod Technologies