AVG-29

Package openssl
Status Fixed
Severity High
Type multiple issues
Affected 1.0.2.h-1
Fixed 1.0.2.i-1
Current 1.1.0.h-1 [core]
Ticket FS#49616
Created Thu Sep 22 11:12:24 2016
Issue Severity Remote Type Description
CVE-2016-6306 Low Yes Denial of service
In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical...
CVE-2016-6304 High Yes Denial of service
A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP...
CVE-2016-6303 Low Yes Arbitrary code execution
An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply...
CVE-2016-6302 Low Yes Denial of service
If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will...
CVE-2016-2183 Medium Yes Information disclosure
SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES...
CVE-2016-2182 Low Yes Arbitrary code execution
The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly...
CVE-2016-2181 Low Yes Denial of service
A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC...
CVE-2016-2180 Low Yes Denial of service
The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data...
CVE-2016-2179 Low Yes Denial of service
In a DTLS connection where handshake messages are delivered out-of- order those messages that OpenSSL is not yet ready to process will be buffered for later...
CVE-2016-2178 High Yes Private key recovery
Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means...
CVE-2016-2177 Medium Yes Denial of service
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap- buffer boundary checks, which might allow remote attackers to cause a denial of service...
Date Advisory Package Description
26 Sep 2016 ASA-201609-23 openssl multiple issues
References
https://www.openssl.org/news/secadv/20160922.txt