Errata ALT-PU-2016-2070-1: Information
Fixes
Published: Aug. 29, 2016
BDU:2019-01911
A vulnerability in the t1_lib.c file of the OpenSSL library that allows an attacker to cause a denial of service
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Aug. 11, 2016
BDU:2019-01912
A vulnerability in the MDC2_Update function of the OpenSSL library that allows an attacker to cause a denial of service
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Aug. 31, 2016
BDU:2021-03140
A vulnerability in the DES and Triple DES encryption algorithms, related to a lack of protection of service data, that allows an attacker to gain unauthorized access to protected information
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Sept. 26, 2016
BDU:2022-02461
A vulnerability in the OpenSSL library, related to an out-of-bounds read in memory, that allows an attacker to cause a denial of service
Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 20, 2016
BDU:2022-02558
A vulnerability in the dsa_sign_setup function of the OpenSSL library, related to disclosure of protected information, that allows an attacker to bypass cryptographic encryption protection mechanisms
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
Published: June 20, 2016
Modified: Nov. 7, 2023
CVE-2016-2178
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Links:
- http://eprint.iacr.org/2016/594.pdf
- [oss-security] 20160609 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations
- [oss-security] 20160608 CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations
- https://bugzilla.redhat.com/show_bug.cgi?id=1343400
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- SUSE-SU-2016:2470
- https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 91081
- 1036054
- http://www.splunk.com/view/SP-CAAAPUE
- http://www.splunk.com/view/SP-CAAAPSV
- GLSA-201612-16
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
- https://bto.bluecoat.com/security-advisory/sa132
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- https://www.tenable.com/security/tns-2016-16
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.tenable.com/security/tns-2016-21
- https://www.tenable.com/security/tns-2016-20
- FreeBSD-SA-16:26
- RHSA-2017:1658
- RHSA-2017:0194
- RHSA-2017:0193
- RHSA-2017:1659
- RHSA-2016:2957
- RHSA-2016:1940
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
- https://kc.mcafee.com/corporate/index?page=content&id=SB10215
- SUSE-SU-2016:2458
- DSA-3673
- SUSE-SU-2016:2394
- https://support.f5.com/csp/article/K53084033
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
- [oss-security] 20160608 Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations
- SUSE-SU-2017:2699
- openSUSE-SU-2016:2537
- https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
- SUSE-SU-2016:2469
- openSUSE-SU-2018:0458
- USN-3087-2
- openSUSE-SU-2016:2391
- SUSE-SU-2016:2468
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
- USN-3087-1
- openSUSE-SU-2016:2407
- SUSE-SU-2017:2700
- 20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities
- openSUSE-SU-2016:2496
- 20160927 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
- SUSE-SU-2016:2387
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=399944622df7bd81af62e67ea967c470534090e2
Published: Sept. 1, 2016
Modified: Feb. 13, 2023
CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1369383
- https://www.openssl.org/blog/blog/2016/08/24/sweet32/
- https://access.redhat.com/articles/2548661
- [tls] 20091120 RC4+3DES rekeying - long-lived TLS connections
- https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
- https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
- https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
- https://www.sigsac.org/ccs/CCS2016/accepted-papers/
- https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
- https://access.redhat.com/security/cve/cve-2016-2183
- https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
- https://sweet32.info/
- SUSE-SU-2016:2470
- https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
- 92630
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- http://www.splunk.com/view/SP-CAAAPUE
- http://www.splunk.com/view/SP-CAAAPSV
- GLSA-201612-16
- https://kc.mcafee.com/corporate/index?page=content&id=SB10171
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
- https://bto.bluecoat.com/security-advisory/sa133
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
- 95568
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
- https://www.tenable.com/security/tns-2016-16
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www-01.ibm.com/support/docview.wss?uid=swg21991482
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- GLSA-201701-65
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
- GLSA-201707-01
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
- 1036696
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.tenable.com/security/tns-2017-09
- https://www.tenable.com/security/tns-2016-21
- https://www.tenable.com/security/tns-2016-20
- https://security.netapp.com/advisory/ntap-20170119-0001/
- https://security.netapp.com/advisory/ntap-20160915-0001/
- RHSA-2017:3240
- RHSA-2017:3239
- RHSA-2017:3114
- RHSA-2017:3113
- RHSA-2017:2710
- RHSA-2017:2709
- RHSA-2017:2708
- RHSA-2017:1216
- RHSA-2017:0462
- RHSA-2017:0338
- RHSA-2017:0337
- RHSA-2017:0336
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- RHSA-2018:2123
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
- RHSA-2019:1245
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- RHSA-2019:2859
- https://www.oracle.com/security-alerts/cpujan2020.html
- RHSA-2020:0451
- https://kc.mcafee.com/corporate/index?page=content&id=SB10310
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- USN-3270-1
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415
- SUSE-SU-2017:0490
- 20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities
- SUSE-SU-2017:0346
- 20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information
- SUSE-SU-2017:2699
- openSUSE-SU-2016:2537
- https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
- USN-3372-1
- SUSE-SU-2016:2469
- 20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
- https://wiki.opendaylight.org/view/Security_Advisories
- USN-3087-2
- 20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information
- openSUSE-SU-2017:0374
- SUSE-SU-2016:2468
- USN-3087-1
- openSUSE-SU-2016:2407
- USN-3194-1
- USN-3179-1
- USN-3198-1
- 20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities
- openSUSE-SU-2016:2496
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403
- openSUSE-SU-2017:0513
- SUSE-SU-2016:2387
- 20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information
- 20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information
- SUSE-SU-2017:0460
- https://kc.mcafee.com/corporate/index?page=content&id=SB10215
- SUSE-SU-2016:2458
- https://support.f5.com/csp/article/K13167034
- 42091
- 20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849
- DSA-3673
- SUSE-SU-2016:2394
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722
- https://kc.mcafee.com/corporate/index?page=content&id=SB10186
- http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
- openSUSE-SU-2018:0458
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178
- openSUSE-SU-2016:2391
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
- https://kc.mcafee.com/corporate/index?page=content&id=SB10197
- SUSE-SU-2017:1444
- SUSE-SU-2017:2700
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Published: Oct. 10, 2016
Modified: Jan. 5, 2018
CVE-2016-5325
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Links:
Published: Sept. 16, 2016
Modified: Feb. 13, 2023
CVE-2016-6303
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
- https://bugzilla.redhat.com/show_bug.cgi?id=1370146
- https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- 92984
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
- https://bto.bluecoat.com/security-advisory/sa132
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- https://www.tenable.com/security/tns-2016-16
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- 1036885
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.tenable.com/security/tns-2016-21
- https://www.tenable.com/security/tns-2016-20
- FreeBSD-SA-16:26
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=55d83bf7c10c7b205fffa23fa7c3977491e56c07
Published: Sept. 26, 2016
Modified: Nov. 7, 2023
CVE-2016-6304
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.openssl.org/news/secadv/20160922.txt
- SUSE-SU-2016:2470
- https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93150
- http://www.splunk.com/view/SP-CAAAPUE
- http://www.splunk.com/view/SP-CAAAPSV
- GLSA-201612-16
- https://kc.mcafee.com/corporate/index?page=content&id=SB10171
- https://bto.bluecoat.com/security-advisory/sa132
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- RHSA-2016:2802
- https://www.tenable.com/security/tns-2016-16
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- 1037640
- 1036878
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.tenable.com/security/tns-2016-21
- https://www.tenable.com/security/tns-2016-20
- FreeBSD-SA-16:26
- RHSA-2017:2494
- RHSA-2017:2493
- RHSA-2017:1802
- RHSA-2017:1801
- RHSA-2017:1658
- RHSA-2017:1414
- RHSA-2017:1413
- RHSA-2017:1659
- RHSA-2017:1415
- RHSA-2016:1940
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- openSUSE-SU-2016:2788
- openSUSE-SU-2016:2769
- https://kc.mcafee.com/corporate/index?page=content&id=SB10215
- SUSE-SU-2016:2458
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
- DSA-3673
- SUSE-SU-2016:2394
- SUSE-SU-2017:2699
- openSUSE-SU-2016:2537
- https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
- 20161012 New OpenSSL double-free and invalid free vulnerabilities in X509 parsing
- SUSE-SU-2016:2469
- openSUSE-SU-2018:0458
- USN-3087-2
- openSUSE-SU-2016:2391
- 20161214 APPLE-SA-2016-12-13-1 macOS 10.12.2
- SUSE-SU-2016:2468
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
- USN-3087-1
- openSUSE-SU-2016:2407
- SUSE-SU-2017:2700
- 20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities
- openSUSE-SU-2016:2496
- SUSE-SU-2016:2387
- http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2c0d295e26306e15a92eb23a84a1802005c1c137
Published: Sept. 26, 2016
Modified: Nov. 7, 2023
CVE-2016-6306
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.openssl.org/news/secadv/20160922.txt
- SUSE-SU-2016:2470
- https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- 93153
- GLSA-201612-16
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
- https://bto.bluecoat.com/security-advisory/sa132
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- https://www.tenable.com/security/tns-2016-16
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- 1036885
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.tenable.com/security/tns-2016-21
- https://www.tenable.com/security/tns-2016-20
- FreeBSD-SA-16:26
- RHSA-2016:1940
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
- RHSA-2018:2187
- RHSA-2018:2186
- RHSA-2018:2185
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10215
- SUSE-SU-2016:2458
- DSA-3673
- SUSE-SU-2016:2394
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03856en_us
- SUSE-SU-2017:2699
- openSUSE-SU-2016:2537
- https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
- https://support.f5.com/csp/article/K90492697
- SUSE-SU-2016:2469
- openSUSE-SU-2018:0458
- USN-3087-2
- openSUSE-SU-2016:2391
- SUSE-SU-2016:2468
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
- USN-3087-1
- openSUSE-SU-2016:2407
- SUSE-SU-2017:2700
- 20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities
- openSUSE-SU-2016:2496
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
- SUSE-SU-2016:2387
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9
Published: Sept. 26, 2016
Modified: Nov. 7, 2023
CVE-2016-7052
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- https://www.openssl.org/news/secadv/20160926.txt
- 93171
- SUSE-SU-2016:2470
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- GLSA-201612-16
- https://kc.mcafee.com/corporate/index?page=content&id=SB10171
- https://bto.bluecoat.com/security-advisory/sa132
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- https://www.tenable.com/security/tns-2016-16
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- 1036885
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.tenable.com/security/tns-2016-20
- https://www.tenable.com/security/tns-2016-19
- FreeBSD-SA-16:27
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=6e629b5be45face20b4ca71c4fcbfed78b864a2e
Published: Oct. 10, 2016
Modified: Jan. 5, 2018
CVE-2016-7099
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Links: