Описание
Security update for openssl
This update for openssl fixes the following issues:
OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)
Severity: High
- OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666)
Severity: Low
- Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
- Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
- DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
- OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419)
- DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
- OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
- Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359)
- Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
- OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
- Certificate message OOB reads (CVE-2016-6306) (bsc#999668)
More information can be found on: https://www.openssl.org/news/secadv/20160922.txt
Also following bugs were fixed:
- update expired S/MIME certs (bsc#979475)
- improve s390x performance (bsc#982745)
- allow >= 64GB AESGCM transfers (bsc#988591)
- fix crash in print_notice (bsc#998190)
- resume reading from /dev/urandom when interrupted by a signal (bsc#995075)
Список пакетов
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12
Ссылки
- Link for SUSE-SU-2016:2387-1
- E-Mail link for SUSE-SU-2016:2387-1
- SUSE Security Ratings
- SUSE Bug 979475
- SUSE Bug 982575
- SUSE Bug 982745
- SUSE Bug 983249
- SUSE Bug 988591
- SUSE Bug 990419
- SUSE Bug 993819
- SUSE Bug 994749
- SUSE Bug 994844
- SUSE Bug 995075
- SUSE Bug 995324
- SUSE Bug 995359
- SUSE Bug 995377
- SUSE Bug 998190
- SUSE Bug 999665
- SUSE Bug 999666
- SUSE Bug 999668
Описание
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
Затронутые продукты
Ссылки
- CVE-2016-2177
- SUSE Bug 982575
- SUSE Bug 999075
- SUSE Bug 999665
Описание
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Затронутые продукты
Ссылки
- CVE-2016-2178
- SUSE Bug 1004104
- SUSE Bug 983249
- SUSE Bug 983519
- SUSE Bug 999665
Описание
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
Затронутые продукты
Ссылки
- CVE-2016-2179
- SUSE Bug 1004104
- SUSE Bug 994844
- SUSE Bug 999665
Описание
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
Затронутые продукты
Ссылки
- CVE-2016-2180
- SUSE Bug 1003811
- SUSE Bug 990419
- SUSE Bug 999665
Описание
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
Затронутые продукты
Ссылки
- CVE-2016-2181
- SUSE Bug 1004104
- SUSE Bug 994749
- SUSE Bug 994844
- SUSE Bug 999665
Описание
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-2182
- SUSE Bug 1004104
- SUSE Bug 993819
- SUSE Bug 994844
- SUSE Bug 995959
- SUSE Bug 999665
Описание
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Затронутые продукты
Ссылки
- CVE-2016-2183
- SUSE Bug 1001912
- SUSE Bug 1024218
- SUSE Bug 1027038
- SUSE Bug 1034689
- SUSE Bug 1056614
- SUSE Bug 1171693
- SUSE Bug 994844
- SUSE Bug 995359
Описание
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
Затронутые продукты
Ссылки
- CVE-2016-6302
- SUSE Bug 1004104
- SUSE Bug 994844
- SUSE Bug 995324
- SUSE Bug 999665
Описание
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-6303
- SUSE Bug 1004104
- SUSE Bug 1115893
- SUSE Bug 994844
- SUSE Bug 995377
- SUSE Bug 999665
Описание
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Затронутые продукты
Ссылки
- CVE-2016-6304
- SUSE Bug 1001706
- SUSE Bug 1003811
- SUSE Bug 1004104
- SUSE Bug 1005579
- SUSE Bug 1021375
- SUSE Bug 999665
- SUSE Bug 999666
Описание
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Затронутые продукты
Ссылки
- CVE-2016-6306
- SUSE Bug 1004104
- SUSE Bug 999665
- SUSE Bug 999668