Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.882486
Category:CentOS Local Security Checks
Title:CentOS Update for openssl CESA-2016:0722 centos7
Summary:Check the version of openssl
Description:Summary:
Check the version of openssl

Vulnerability Insight:
OpenSSL is a toolkit that implements the
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols,
as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data
structures. An attacker could use this flaw to create a specially crafted
certificate which, when verified or re-encoded by OpenSSL, could cause it
to crash, or execute arbitrary code using the permissions of the user
running an application compiled against the OpenSSL library.
(CVE-2016-2108)

* Two integer overflow flaws, leading to buffer overflows, were found in
the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL
parsed very large amounts of input data. A remote attacker could use these
flaws to crash an application using OpenSSL or, possibly, execute arbitrary
code with the permissions of the user running that application.
(CVE-2016-2105, CVE-2016-2106)

* It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when the connection used the
AES CBC cipher suite and the server supported AES-NI. A remote attacker
could possibly use this flaw to retrieve plain text from encrypted packets
by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

* Several flaws were found in the way BIO_*printf functions were
implemented in OpenSSL. Applications which passed large amounts of
untrusted data through these functions could crash or potentially execute
code with the permissions of the user running such an application.
(CVE-2016-0799, CVE-2016-2842)

* A denial of service flaw was found in the way OpenSSL parsed certain
ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An
application using OpenSSL that accepts untrusted ASN.1 BIO input could be
forced to allocate an excessive amount of data. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,
and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat),
Hanno Bock, and David Benjamin (Google) as the original reporters of
CVE-2016-2108 Guido Vranken as the original reporter of CVE-2016-2842,
CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799 and Juraj Somorovsky as
the original reporter of CVE-2016-2107.

Affected Software/OS:
openssl on CentOS 7

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-0799
BugTraq ID: 83755
http://www.securityfocus.com/bid/83755
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Cisco Security Advisory: 20160302 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
Debian Security Information: DSA-3500 (Google Search)
http://www.debian.org/security/2016/dsa-3500
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html
FreeBSD Security Advisory: FreeBSD-SA-16:17
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
https://security.gentoo.org/glsa/201603-15
HPdes Security Advisory: HPSBGN03569
http://marc.info/?l=bugtraq&m=145983526810210&w=2
HPdes Security Advisory: HPSBMU03575
http://marc.info/?l=bugtraq&m=146108058503441&w=2
RedHat Security Advisories: RHSA-2016:0722
http://rhn.redhat.com/errata/RHSA-2016-0722.html
RedHat Security Advisories: RHSA-2016:0996
http://rhn.redhat.com/errata/RHSA-2016-0996.html
RedHat Security Advisories: RHSA-2016:2073
http://rhn.redhat.com/errata/RHSA-2016-2073.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.securitytracker.com/id/1035133
SuSE Security Announcement: SUSE-SU-2016:0617 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
SuSE Security Announcement: SUSE-SU-2016:0620 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
SuSE Security Announcement: SUSE-SU-2016:0621 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
SuSE Security Announcement: SUSE-SU-2016:0624 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
SuSE Security Announcement: SUSE-SU-2016:0631 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
SuSE Security Announcement: SUSE-SU-2016:0641 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
SuSE Security Announcement: SUSE-SU-2016:0678 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
SuSE Security Announcement: SUSE-SU-2016:1057 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:0628 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
SuSE Security Announcement: openSUSE-SU-2016:0637 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
SuSE Security Announcement: openSUSE-SU-2016:0638 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
SuSE Security Announcement: openSUSE-SU-2016:0720 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
SuSE Security Announcement: openSUSE-SU-2016:1239 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
SuSE Security Announcement: openSUSE-SU-2016:1241 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
http://www.ubuntu.com/usn/USN-2914-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2105
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
BugTraq ID: 89757
http://www.securityfocus.com/bid/89757
Cisco Security Advisory: 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
Debian Security Information: DSA-3566 (Google Search)
http://www.debian.org/security/2016/dsa-3566
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
https://security.gentoo.org/glsa/201612-16
http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
RedHat Security Advisories: RHSA-2016:1648
http://rhn.redhat.com/errata/RHSA-2016-1648.html
RedHat Security Advisories: RHSA-2016:1649
http://rhn.redhat.com/errata/RHSA-2016-1649.html
RedHat Security Advisories: RHSA-2016:1650
http://rhn.redhat.com/errata/RHSA-2016-1650.html
RedHat Security Advisories: RHSA-2016:2056
http://rhn.redhat.com/errata/RHSA-2016-2056.html
http://www.securitytracker.com/id/1035721
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
SuSE Security Announcement: SUSE-SU-2016:1206 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
SuSE Security Announcement: SUSE-SU-2016:1228 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
SuSE Security Announcement: SUSE-SU-2016:1231 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html
SuSE Security Announcement: SUSE-SU-2016:1233 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
SuSE Security Announcement: SUSE-SU-2016:1267 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
SuSE Security Announcement: SUSE-SU-2016:1290 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
SuSE Security Announcement: SUSE-SU-2016:1360 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
SuSE Security Announcement: openSUSE-SU-2016:1237 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
SuSE Security Announcement: openSUSE-SU-2016:1238 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
SuSE Security Announcement: openSUSE-SU-2016:1240 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
SuSE Security Announcement: openSUSE-SU-2016:1242 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
SuSE Security Announcement: openSUSE-SU-2016:1243 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
SuSE Security Announcement: openSUSE-SU-2016:1273 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
SuSE Security Announcement: openSUSE-SU-2016:1566 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
http://www.ubuntu.com/usn/USN-2959-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2106
BugTraq ID: 89744
http://www.securityfocus.com/bid/89744
Common Vulnerability Exposure (CVE) ID: CVE-2016-2107
BugTraq ID: 89760
http://www.securityfocus.com/bid/89760
https://www.exploit-db.com/exploits/39768/
http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
Common Vulnerability Exposure (CVE) ID: CVE-2016-2108
BugTraq ID: 89752
http://www.securityfocus.com/bid/89752
RedHat Security Advisories: RHSA-2016:1137
https://access.redhat.com/errata/RHSA-2016:1137
RedHat Security Advisories: RHSA-2017:0193
https://access.redhat.com/errata/RHSA-2017:0193
RedHat Security Advisories: RHSA-2017:0194
https://access.redhat.com/errata/RHSA-2017:0194
Common Vulnerability Exposure (CVE) ID: CVE-2016-2109
BugTraq ID: 87940
http://www.securityfocus.com/bid/87940
Common Vulnerability Exposure (CVE) ID: CVE-2016-2842
BugTraq ID: 84169
http://www.securityfocus.com/bid/84169
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.