Debian: DSA-3673-1 Urgent: OpenSSL Service Disruption Vulnerabilities

Debian, September 22, 2016
A Debian security update addresses several OpenSSL vulnerabilities; upgrading affected systems is advised. Details follow.

Summary

Several vulnerabilities were discovered in OpenSSL:

CVE-2016-2177

Guido Vranken discovered that OpenSSL uses undefined pointer
arithmetic. Additional information can be found at


CVE-2016-2178

Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing
leak in the DSA code.

CVE-2016-2179 / CVE-2016-2181

Quan Luo and the OCAP audit team discovered denial of service
vulnerabilities in DTLS.

CVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303

Shi Lei discovered an out-of-bounds memory read in
TS_OBJ_print_bio() and an out-of-bounds write in BN_bn2dec()
and MDC2_Update().

CVE-2016-2183

DES-based cipher suites are demoted from the HIGH group to MEDIUM
as a mitigation for the SWEET32 attack.

CVE-2016-6302

Shi Lei discovered that the use of SHA512 in TLS session tickets
is susceptible to denial of service.

CVE-2016-6304

Shi Lei discovered that excessively large OCSP status request may
result in denial of service via memory exhaustion.

CVE-2016-6306

...

Severity: critical

Package: openssl
CVE ID: CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180