MNBSD-2016-15: Multiple OpenSSL vulnerabilities (memory growth, overflows, OOB reads/writes, DoS)

Severity: Unknown

Affected Package: openssl

Summary: Multiple OpenSSL vulnerabilities (memory growth, overflows, OOB reads/writes, DoS)

Description

OpenSSL security update addressing ten issues: unbounded memory growth from repeated large OCSP Status Request extensions, an MDC2_Update heap overflow, an SHA512 session-ticket OOB read DoS, an OOB write in BN_bn2dec, OOB reads in TS_OBJ_print_bio, undefined pointer arithmetic, a DSA non-constant-time side channel, DTLS out-of-order message buffering exhaustion, a DTLS replay-window DoS, and small OOB reads from missing message length checks. Fixed by importing the OpenSSL patch set in the 0.8.1 release.

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2016-6304, CVE-2016-6303, CVE-2016-6302, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, CVE-2016-6306

Published: September 23, 2016
Last Modified: September 23, 2016