CVE-2016-6302 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Denial of service |
| Description | If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash. The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-30 | lib32-openssl | 1:1.0.2.h-1 | 1:1.0.2.i-1 | High | Fixed | |
| AVG-29 | openssl | 1.0.2.h-1 | 1.0.2.i-1 | High | Fixed | FS#49616 |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 26 Sep 2016 | ASA-201609-24 | AVG-30 | lib32-openssl | High | multiple issues |
| 26 Sep 2016 | ASA-201609-23 | AVG-29 | openssl | High | multiple issues |
| References |
|---|
https://www.openssl.org/news/secadv/20160922.txt |