SB2016120705 - Gentoo update for OpenSSL
Published: December 7, 2016 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Heap overflow (CVE-ID: CVE-2016-2105)
The vulnerability allows a remote user to cause heap overflow on the target system.The weakness is caused by insufficient input validation. By sending a great deal of input data attackers are able to cause overflow of the EVP_EncodeUpdate() function used for binary data encoding.
Successful exploitation of the vulnerability may result in heap overflow on the vulnerable system.
2) Input validation error (CVE-ID: CVE-2016-2106)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
3) Traffic decryption (CVE-ID: CVE-2016-2107)
The vulnerability allows a remote user to decrypt traffic on the target system.The weakness is due to access control error.If the connection uses an AES CBC cipher and the server support AES-NI attackers can perform padding oracle attack.
Successful exploitation of the vulnerability leads to traffic decryption on the vulnerable system.
4) Memory corruption (CVE-ID: CVE-2016-2108)
The vulnerability allows a remote user to cause memory corruption on the target system.The weakness exists due to buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. As ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value, attacker may easily corrupt memory.
Successful exploitation of the vulnerability will allow a malicious user to trigger memory corruption on the vulnerable system.
5) Excessive memory allocation (CVE-ID: CVE-2016-2109)
The vulnerability allows a remote user to cause excessive memory allocation on the target system.The weakness exists during reading ASN.1 data by d2i_CMS_bio() function. A short invalid encoding leads to distribution of large amounts of memory for excessive resources or exhausting memory.
Successful exploitation of the vulnerability may result in excessive memory allocation.
6) Buffer Over-read (CVE-ID: CVE-2016-2176)
The vulnerability allows a remote to cause buffer over-read on the target system.The weakness exists due to overread in applications using the X509_NAME_oneline() function on EBCDIC systems. The vulnerability leads to arbitrary stack data return to the buffer.
Successful exploitation of the weakness results in buffer over-read on the vulnerable system.
7) Integer overflow in ssl3_get_client_hello() (CVE-ID: CVE-2016-2177)
The vulnerability allows a remote attacker to cause denial of service conditions on the target system.The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.
8) Observable discrepancy (CVE-ID: CVE-2016-2178)
The vulnerability allows a local user to perform timing attack.
The vulnerability exists due to an error within the dsa_sign_setup() function in crypto/dsa/dsa_ossl.c. A local user can obtain a DSA private key via a timing side-channel attack.
9) Out-of-bounds read (CVE-ID: CVE-2016-2180)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the TS_OBJ_print_bio() function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL. A remote attacker can perform a denial of service (DoS) attack via a crafted time-stamp file that is mishandled by the "openssl ts" command.
10) Information disclosure (CVE-ID: CVE-2016-2183)
The vulnerability allows a remote attacker to decrypt transmitted data.
The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.
Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.
11) Denial of service (CVE-ID: CVE-2016-6304)
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.The weakness is due to insufficient validation of input length. By sending messages with excessive length attackers can cause resource exhaustion that leads to denial of service
Successful exploitation of the vulnerability allows a malicious user to trigger the vulnerable service to deny.
12) Resource exhaustion (CVE-ID: CVE-2016-6304)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in OCSP stapling implementation in OpenSSL. A remote attacker can multiple requests with a large OCSP Status Request extension and consume all available memory on the system.
13) Denial of service (CVE-ID: CVE-2016-6305)
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.The weakness is due to flaw in handling of SSL/TLS protocol during a call to SSL_peek(). By sending an empty record attackers can trigger the affected service hang or deny.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
14) Denial of service (CVE-ID: CVE-2016-6305)
The vulnerability allows a remote authenticated user to trigger denial of service on the target system.The weakness exists due to state error. By sendidng specially crafted files attackers can cause a flaw in SSL_peek() that may lead to the affected service hanging.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
15) Denial of service (CVE-ID: CVE-2016-6306)
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.The weakess exists due insufficient length validation of certain TLS/SSL protocol handshake messages. By causing out-of-bounds read error attackers can trigger the affected service deny.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
16) Missing CRL sanity check (CVE-ID: CVE-2016-7052)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to incorrect implementation of CRL sanity check in version 1.0.2i. Any attempt to use CRLs results in null pointe exception and crashes the process.
Remediation
Install update from vendor's website.