openSUSE update for openssl-steam

1) Integer overflow in ssl3_get_client_hello()

EUVDB-ID: #VU24

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2177

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Observable discrepancy

EUVDB-ID: #VU1589

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-2178

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

The vulnerability allows a local user to perform timing attack.

The vulnerability exists due to an error within the dsa_sign_setup() function in crypto/dsa/dsa_ossl.c. A local user can obtain a DSA private key via a timing side-channel attack.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU1974

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2179

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in the Datagram TLS (DTLS) implementation. A remote attacker can initiate and maintain multiple crafted DTLS sessions simultaneously and perform a denial of service (DoS) attack.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU308

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2180

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the TS_OBJ_print_bio() function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL. A remote attacker can perform a denial of service (DoS) attack via a crafted time-stamp file that is mishandled by the "openssl ts" command.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU1975

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-2181

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Anti-Replay feature in the DTLS implementation when using a new epoch number in conjunction with a large sequence number. A remote attacker can perform a denial of service (DoS) attack (false-positive packet drops) via spoofed DTLS records.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU1968

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-2182

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the BN_bn2dec() function in crypto/bn/bn_print.c in OpenSSL. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds write and execute arbitrary code on the target system.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU370

Risk: Low

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2016-2183

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

The vulnerability allows a remote attacker to decrypt transmitted data.

The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.

Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Out-of-bounds read

EUVDB-ID: #VU814

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-6302

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote attacker to denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when handling SHA512 TLS session tickets. A remote attacker can send specially crafted packets to the system, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Denial of service

EUVDB-ID: #VU815

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-6303

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.
The weakness is caused by integer overflow in the MDC2_Update() function in 'crypto/mdc2/mdc2dgst.c'. By using large ammounts of input data attackers are able to trigger error in input length validation that leads to  crash of the affected service.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Resource exhaustion

EUVDB-ID: #VU646

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-6304

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource management in OCSP stapling implementation in OpenSSL. A remote attacker can multiple requests with a large OCSP Status Request extension and consume all available memory on the system.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Denial of service

EUVDB-ID: #VU816

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-6306

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakess exists due insufficient length validation of certain TLS/SSL protocol handshake messages. By causing out-of-bounds read error attackers can trigger the affected service deny.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Missing CRL sanity check

EUVDB-ID: #VU660

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-7052

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to incorrect implementation of CRL sanity check in version 1.0.2i. Any attempt to use CRLs results in null pointe exception and crashes the process.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information disclosure

EUVDB-ID: #VU5894

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-7055

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

The vulnerability allows a remote attacker to decrypt certain data.

The vulnerability exists in OpenSSL implementation due to propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. A remote attacker can launch attacks against RSA, DSA and DH private keys and decrypt information, passed over encrypted channels. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation.

Successful exploitation of the vulnerability may allow an attacker in certain conditions to launch attacks against OpenSSL clients.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU4133

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-7056

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

The vulnerability allows a local user obtain potentially sensitive information.

The vulnerability exists due the OpenSSL does not properly set the BN_FLG_CONSTTIME for nonces when signing with the P-256 elliptic curve in ecdsa_sign_setup() function in crypto/ec/ecdsa_ossl.c. A local attacker can conduct a cache-timing attack and recover ECDSA P-256 private keys

Successful exploitation of this vulnerability may allow an attacker to obtain potentially sensitive information.

The vulnerability is discovered in OpenSSL 1.0.1u. Other versions may also be affected.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU5420

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-3731

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to out-of-bounds read in OpenSSL when processing truncated packets on 32-bit system using certain ciphers. A remote attacker can send a specially crafted truncated packet using CHACHA20/POLY1305 cipher for OpenSSL 1.1.0 or RC4-MD5 for 1.0.2 and trigger denial of service.

Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack against vulnerable system.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information disclosure

EUVDB-ID: #VU5442

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3732

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to propagating error in the x86_64 Montgomery squaring procedure. A remote attacker with access to unpatched vulnerable system that uses a shared private key with Diffie-Hellman (DH) parameters set can gain unauthorized access to sensitive private key information.

According to vendor’s advisory, this vulnerability is unlikely to be exploited in real-world attacks, as it requires significant resources and online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients.

Vulnerability exploitation against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.

Install update from vendor's website.

Opensuse: 42.3

• cpe:2.3:o:suse:opensuse:42.3:*:*:*:*:*:*:*

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.