Main Vulnerability Database SB2016092705

SB2016092705 - Arch Linux update for lib32-openssl

Published: September 27, 2016

Security Bulletin ID SB2016092705

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Missing CRL sanity check (CVE-ID: CVE-2016-7052)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to incorrect implementation of CRL sanity check in version 1.0.2i. Any attempt to use CRLs results in null pointe exception and crashes the process.

Remediation

Install update from vendor's website.

References

https://security.archlinux.org/advisory/ASA-201609-28