[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3673-1 openssl -- openssl

ID: oval:org.secpod.oval:def:602621Date: (C)2016-09-23   (M)2017-11-18
Class: PATCHFamily: unix




Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code. CVE-2016-2179 / CVE-2016-2181 Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS. CVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303 Shi Lei discovered an out-of-bounds memory read in TS_OBJ_print_bio and an out-of-bounds write in BN_bn2dec and MDC2_Update. CVE-2016-2183 DES-based cipher suites are demoted from the HIGH group to MEDIUM as a mitigation for the SWEET32 attack. CVE-2016-6302 Shi Lei discovered that the use of SHA512 in TLS session tickets is susceptible to denial of service. CVE-2016-6304 Shi Lei discovered that excessively large OCSP status request may result in denial of service via memory exhaustion. CVE-2016-6306 Shi Lei discovered that missing message length validation when parsing certificates may potentially result in denial of service.

Platform:
Debian 8.x
Product:
openssl
Reference:
DSA-3673-1
CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2180
CVE-2016-2181
CVE-2016-2182
CVE-2016-2183
CVE-2016-6302
CVE-2016-6303
CVE-2016-6304
CVE-2016-6306
CVE    11
CVE-2016-2180
CVE-2016-2181
CVE-2016-6303
CVE-2016-2178
...
CPE    4
cpe:/o:debian:debian_linux:8.x
cpe:/a:openssl:openssl:1.0.2
cpe:/a:openssl:openssl:1.0.1
cpe:/a:openssl:openssl
...

© 2013 SecPod Technologies