Debian: DSA-3500-1 Critical: OpenSSL Memory Leak And Side-Channel Issues

March 1, 2016
Debian Security Notice DSA-3501-1 highlights several security flaws in the Linux kernel. Update is advised.
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

Summary

CVE-2016-0702

Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin
from Technion and Tel Aviv University, and Nadia Heninger from the
University of Pennsylvania discovered a side-channel attack which
makes use of cache-bank conflicts on the Intel Sandy-Bridge
microarchitecture. This could allow local attackers to recover RSA
private keys.

CVE-2016-0705

Adam Langley from Google discovered a double free bug when parsing
malformed DSA private keys. This could allow remote attackers to
cause a denial of service or memory corruption in applications
parsing DSA private keys received from untrusted sources.

CVE-2016-0797

Guido Vranken discovered an integer overflow in the BN_hex2bn and
BN_dec2bn functions that can lead to a NULL pointer dereference and
heap corruption. This could allow remote attackers to cause a denial
of service or memory corruption in applications processing hex or
dec data received from untrusted sources.

CVE-20...

Severity: critical

Package: openssl
CVE ID: CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798
