Описание
Security update for openssl
This update for openssl fixes the following issues:
OpenSSL Security Advisory [22 Sep 2016] (bsc#999665)
Severity: High
- OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666)
Severity: Low
- Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575)
- Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249)
- DTLS buffered message DoS (CVE-2016-2179) (bsc#994844)
- OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419)
- DTLS replay protection DoS (CVE-2016-2181) (bsc#994749)
- OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819)
- Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359)
- Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324)
- OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377)
- Certificate message OOB reads (CVE-2016-6306) (bsc#999668)
More information can be found on: https://www.openssl.org/news/secadv/20160922.txt
Also following bugs were fixed:
- update expired S/MIME certs (bsc#979475)
- improve s390x performance (bsc#982745)
- allow >= 64GB AESGCM transfers (bsc#988591)
- fix crash in print_notice (bsc#998190)
- resume reading from /dev/urandom when interrupted by a signal (bsc#995075)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
Ссылки
- Link for SUSE-SU-2016:2394-1
- E-Mail link for SUSE-SU-2016:2394-1
- SUSE Security Ratings
- SUSE Bug 979475
- SUSE Bug 982575
- SUSE Bug 982745
- SUSE Bug 983249
- SUSE Bug 988591
- SUSE Bug 990419
- SUSE Bug 993819
- SUSE Bug 994749
- SUSE Bug 994844
- SUSE Bug 995075
- SUSE Bug 995324
- SUSE Bug 995359
- SUSE Bug 995377
- SUSE Bug 998190
- SUSE Bug 999665
- SUSE Bug 999666
- SUSE Bug 999668
Описание
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
Затронутые продукты
Ссылки
- CVE-2016-2177
- SUSE Bug 982575
- SUSE Bug 999075
- SUSE Bug 999665
Описание
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Затронутые продукты
Ссылки
- CVE-2016-2178
- SUSE Bug 1004104
- SUSE Bug 983249
- SUSE Bug 983519
- SUSE Bug 999665
Описание
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
Затронутые продукты
Ссылки
- CVE-2016-2179
- SUSE Bug 1004104
- SUSE Bug 994844
- SUSE Bug 999665
Описание
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.
Затронутые продукты
Ссылки
- CVE-2016-2180
- SUSE Bug 1003811
- SUSE Bug 990419
- SUSE Bug 999665
Описание
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
Затронутые продукты
Ссылки
- CVE-2016-2181
- SUSE Bug 1004104
- SUSE Bug 994749
- SUSE Bug 994844
- SUSE Bug 999665
Описание
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-2182
- SUSE Bug 1004104
- SUSE Bug 993819
- SUSE Bug 994844
- SUSE Bug 995959
- SUSE Bug 999665
Описание
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Затронутые продукты
Ссылки
- CVE-2016-2183
- SUSE Bug 1001912
- SUSE Bug 1024218
- SUSE Bug 1027038
- SUSE Bug 1034689
- SUSE Bug 1056614
- SUSE Bug 1171693
- SUSE Bug 994844
- SUSE Bug 995359
Описание
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
Затронутые продукты
Ссылки
- CVE-2016-6302
- SUSE Bug 1004104
- SUSE Bug 994844
- SUSE Bug 995324
- SUSE Bug 999665
Описание
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-6303
- SUSE Bug 1004104
- SUSE Bug 1115893
- SUSE Bug 994844
- SUSE Bug 995377
- SUSE Bug 999665
Описание
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Затронутые продукты
Ссылки
- CVE-2016-6304
- SUSE Bug 1001706
- SUSE Bug 1003811
- SUSE Bug 1004104
- SUSE Bug 1005579
- SUSE Bug 1021375
- SUSE Bug 999665
- SUSE Bug 999666
Описание
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Затронутые продукты
Ссылки
- CVE-2016-6306
- SUSE Bug 1004104
- SUSE Bug 999665
- SUSE Bug 999668