ELSA-2016-1137

Published: May 31, 2016
Source: oracle-oval
Platform: Oracle Linux 5

Description

ELSA-2016-1137: openssl security update (IMPORTANT)

[0.9.8e-40.0.1]

  • To disable SSLv2 client connections create the file /etc/sysconfig/openssl-ssl-client-kill-sslv2 (John Haxby) [orabug 21673934]
  • Backport openssl 08-Jan-2015 security fixes (John Haxby) [orabug 20409893]
  • fix CVE-2014-3570 - Bignum squaring may produce incorrect results
  • fix CVE-2014-3571 - DTLS segmentation fault in dtls1_get_record
  • fix CVE-2014-3572 - ECDHE silently downgrades to ECDH [Client]

[0.9.8e-40]

  • fix CVE-2016-2108 - memory corruption in ASN.1 encoder

Updated packages

Oracle Linux 5

Oracle Linux ia64

  • openssl: 0.9.8e-40.0.1.el5_11
  • openssl-devel: 0.9.8e-40.0.1.el5_11
  • openssl-perl: 0.9.8e-40.0.1.el5_11

Oracle Linux x86_64

  • openssl: 0.9.8e-40.0.1.el5_11
  • openssl-devel: 0.9.8e-40.0.1.el5_11
  • openssl-perl: 0.9.8e-40.0.1.el5_11

Oracle Linux i386

  • openssl: 0.9.8e-40.0.1.el5_11
  • openssl-devel: 0.9.8e-40.0.1.el5_11
  • openssl-perl: 0.9.8e-40.0.1.el5_11

Related CVEs

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 9 years ago

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

CVSS3: 5.6
redhat
about 9 years ago

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

CVSS3: 9.8
nvd
about 9 years ago

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

CVSS3: 9.8
debian
about 9 years ago

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0 ...

CVSS3: 9.8
github
about 3 years ago

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
