SB2016092620 - Arch Linux update for lib32-openssl 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016092620

SB2016092620 - Arch Linux update for lib32-openssl

Published: September 26, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016092620
Severity
High
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 8% Medium 50% Low 42%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Denial of service (CVE-ID: CVE-2016-6304)

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to insufficient validation of input length. By sending messages with excessive length attackers can cause resource exhaustion that leads to denial of service
Successful exploitation of the vulnerability allows a malicious user to trigger the vulnerable service to deny.

2) Resource exhaustion (CVE-ID: CVE-2016-6304)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource management in OCSP stapling implementation in OpenSSL. A remote attacker can multiple requests with a large OCSP Status Request extension and consume all available memory on the system.


3) Observable discrepancy (CVE-ID: CVE-2016-2178)

The vulnerability allows a local user to perform timing attack.

The vulnerability exists due to an error within the dsa_sign_setup() function in crypto/dsa/dsa_ossl.c. A local user can obtain a DSA private key via a timing side-channel attack.


4) Integer overflow in ssl3_get_client_hello() (CVE-ID: CVE-2016-2177)

The vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.

5) Information disclosure (CVE-ID: CVE-2016-2183)

The vulnerability allows a remote attacker to decrypt transmitted data.

The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.

Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.


6) Out-of-bounds write (CVE-ID: CVE-2016-2182)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the BN_bn2dec() function in crypto/bn/bn_print.c in OpenSSL. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds write and execute arbitrary code on the target system.


7) Denial of service (CVE-ID: CVE-2016-6303)

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.
The weakness is caused by integer overflow in the MDC2_Update() function in 'crypto/mdc2/mdc2dgst.c'. By using large ammounts of input data attackers are able to trigger error in input length validation that leads to  crash of the affected service.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.


8) Resource management error (CVE-ID: CVE-2016-2179)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in the Datagram TLS (DTLS) implementation. A remote attacker can initiate and maintain multiple crafted DTLS sessions simultaneously and perform a denial of service (DoS) attack.


9) Out-of-bounds read (CVE-ID: CVE-2016-2180)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the TS_OBJ_print_bio() function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL. A remote attacker can perform a denial of service (DoS) attack via a crafted time-stamp file that is mishandled by the "openssl ts" command.


10) Input validation error (CVE-ID: CVE-2016-2181)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Anti-Replay feature in the DTLS implementation when using a new epoch number in conjunction with a large sequence number. A remote attacker can perform a denial of service (DoS) attack (false-positive packet drops) via spoofed DTLS records.


11) Out-of-bounds read (CVE-ID: CVE-2016-6302)

The vulnerability allows a remote attacker to denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when handling SHA512 TLS session tickets. A remote attacker can send specially crafted packets to the system, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


12) Denial of service (CVE-ID: CVE-2016-6306)

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakess exists due insufficient length validation of certain TLS/SSL protocol handshake messages. By causing out-of-bounds read error attackers can trigger the affected service deny.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.

Remediation

Install update from vendor's website.

References