openSUSE-SU-2016:1243-1

Published: 05 May 2016
Source: suse-cvrf

Description

Security update for openssl

This update for openssl fixes the following issues:

  • CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)
  • CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616)
  • CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)
  • CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)
  • CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)
  • bsc#976943: Buffer overrun in ASN1_parse
  • bsc#977621: Preserve negotiated digests for SNI (bsc#977621)
  • bsc#958501: Fix openssl enc -non-fips-allow option in FIPS mode (bsc#958501)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Package list

openSUSE Leap 42.1
libopenssl-devel-1.0.1i-15.1
libopenssl-devel-32bit-1.0.1i-15.1
libopenssl1_0_0-1.0.1i-15.1
libopenssl1_0_0-32bit-1.0.1i-15.1
libopenssl1_0_0-hmac-1.0.1i-15.1
libopenssl1_0_0-hmac-32bit-1.0.1i-15.1
openssl-1.0.1i-15.1
openssl-doc-1.0.1i-15.1

Description (CVE-2016-2105)

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.


Affected products
openSUSE Leap 42.1:libopenssl-devel-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl-devel-32bit-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl1_0_0-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl1_0_0-32bit-1.0.1i-15.1

References

Description (CVE-2016-2106)

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.


Affected products
openSUSE Leap 42.1:libopenssl-devel-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl-devel-32bit-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl1_0_0-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl1_0_0-32bit-1.0.1i-15.1

References

Description (CVE-2016-2107)

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.


Affected products
openSUSE Leap 42.1:libopenssl-devel-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl-devel-32bit-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl1_0_0-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl1_0_0-32bit-1.0.1i-15.1

References

Description (CVE-2016-2108)

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.


Affected products
openSUSE Leap 42.1:libopenssl-devel-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl-devel-32bit-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl1_0_0-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl1_0_0-32bit-1.0.1i-15.1

References

Description (CVE-2016-2109)

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.


Affected products
openSUSE Leap 42.1:libopenssl-devel-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl-devel-32bit-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl1_0_0-1.0.1i-15.1
openSUSE Leap 42.1:libopenssl1_0_0-32bit-1.0.1i-15.1

References
Vulnerability openSUSE-SU-2016:1243-1