MGASA-2016-0338

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0338.html

Import Source

https://advisories.mageia.org/MGASA-2016-0338.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0338

Related

Published

2016-10-11T22:12:20Z

Modified

2016-10-11T22:04:48Z

Summary

Updated openssl packages fix security vulnerabilities

Details

Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic (CVE-2016-2177).

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the DSA code (CVE-2016-2178).

Quan Luo and the OCAP audit team discovered denial of service vulnerabilities in DTLS (CVE-2016-2179, CVE-2016-2181).

Shi Lei discovered an out-of-bounds memory read in TSOBJprintbio() and an out-of-bounds write in BNbn2dec() and MDC2_Update() (CVE-2016-2180, CVE-2016-2182, CVE-2016-6303).

DES-based cipher suites are demoted from the HIGH group to MEDIUM as a mitigation for the SWEET32 attack (CVE-2016-2183).

Shi Lei discovered that the use of SHA512 in TLS session tickets is susceptible to denial of service (CVE-2016-6302).

Shi Lei discovered that excessively large OCSP status request may result in denial of service via memory exhaustion (CVE-2016-6304).

Shi Lei discovered that missing message length validation when parsing certificates may potentially result in denial of service (CVE-2016-6306).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / openssl

Package

Name: openssl
Purl: pkg:rpm/mageia/openssl?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2j-1.mga5

Ecosystem specific

{
    "section": "core"
}