Severity: Unknown
Affected Package: openssl
Summary: Multiple OpenSSL vulnerabilities (memory growth, overflows, OOB reads/writes, DoS)
OpenSSL security update addressing ten issues: unbounded memory growth from repeated large OCSP Status Request extensions, an MDC2_Update heap overflow, an SHA512 session-ticket OOB read DoS, an OOB write in BN_bn2dec, OOB reads in TS_OBJ_print_bio, undefined pointer arithmetic, a DSA non-constant-time side channel, DTLS out-of-order message buffering exhaustion, a DTLS replay-window DoS, and small OOB reads from missing message length checks. Fixed by importing the OpenSSL patch set in the 0.8.1 release.
No specific recommendations provided.
Aliases: CVE-2016-6304, CVE-2016-6303, CVE-2016-6302, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2181, CVE-2016-6306
Published: September 23, 2016
Last Modified: September 23, 2016