CVE-2016-7052
| Source | |
|---|---|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. The issue was reported to OpenSSL on 22nd September 2016 by Bruce Stephens and Thomas Jakobi. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-34 | lib32-openssl | 1:1.0.2.i-1 | 1:1.0.2.j-1 | Medium | Fixed | |
| AVG-33 | openssl | 1.0.2.i-1 | 1.0.2.j-1 | Medium | Fixed | |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 28 Sep 2016 | ASA-201609-30 | AVG-33 | openssl | Medium | denial of service |
| 27 Sep 2016 | ASA-201609-28 | AVG-34 | lib32-openssl | Medium | denial of service |
| References |
|---|
| https://www.openssl.org/news/secadv/20160926.txt |
| Notes |
|---|
| This issue only affects OpenSSL 1.0.2i. |