SUSE-SU-2016:1231-1

Published: 04 May 2016
Source: suse-cvrf

Description

Security update for compat-openssl097g

This update for compat-openssl097g fixes the following issues:

Security issues fixed:

  • CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
  • CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
  • CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
  • CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)

Bugs fixed:

  • bsc#976943: Fix buffer overrun in ASN1_parse

Package list

SUSE Linux Enterprise Server for SAP Applications 11 SP3
compat-openssl097g-0.9.7g-146.22.44.1
compat-openssl097g-32bit-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
compat-openssl097g-0.9.7g-146.22.44.1
compat-openssl097g-32bit-0.9.7g-146.22.44.1

Description

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.


Affected products
SUSE Linux Enterprise Server for SAP Applications 11 SP3:compat-openssl097g-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:compat-openssl097g-32bit-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.44.1

Description

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.


Affected products
SUSE Linux Enterprise Server for SAP Applications 11 SP3:compat-openssl097g-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:compat-openssl097g-32bit-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.44.1

Description

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.


Affected products
SUSE Linux Enterprise Server for SAP Applications 11 SP3:compat-openssl097g-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:compat-openssl097g-32bit-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.44.1

Description

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.


Affected products
SUSE Linux Enterprise Server for SAP Applications 11 SP3:compat-openssl097g-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:compat-openssl097g-32bit-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-0.9.7g-146.22.44.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:compat-openssl097g-32bit-0.9.7g-146.22.44.1

References
Vulnerability SUSE-SU-2016:1231-1