[security-announce] Security Update: OpenSSL Upgrade to address multiple CVEs

Sona Sarmadi sona.sarmadi at enea.com
Wed May 11 14:01:57 CEST 2016


		Enea Linux Security Advisory

=========================================================
Product/package: Enea Linux 5.0-arm and 5.0-ppc: OpenSSL 1.0.1t
Severity: See below
CVE Names: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107,
CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
=========================================================

The upgrade 1.0.1p --> 1.0.1t fixes the following vulnerabilities:

CVE-2016-2105 [Low severity]
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c
in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers
to cause a denial of service (heap memory
corruption) via a large amount of binary data.

CVE-2016-2106 [Low severity]
Integer overflow in the EVP_EncryptUpdate function in
crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h
allows remote attackers to cause a denial of service (heap memory
corruption) via a large amount of data.

CVE-2016-2107 [High severity]
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before
1.0.2h does not consider memory allocation during a certain padding
check, which allows remote attackers to obtain sensitive cleartext
information via a padding-oracle attack against an AES CBC session.
NOTE: this vulnerability exists because of an incorrect fix for
CVE-2013-0169.

CVE-2016-2108 [High severity]
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before
1.0.2c allows remote attackers to execute arbitrary code or cause a
denial of service (buffer underflow and memory corruption) via an ANY
field in crafted serialized data, aka the "negative zero" issue.

CVE-2016-2109 [Low severity]
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1
BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h
allows remote attackers to cause a denial of service (memory
consumption) via a short invalid encoding.
CVE-2016-2176 [Low severity]
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL
before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain
sensitive information from process stack memory or cause a denial of
service (buffer over-read) via crafted EBCDIC ASN.1 data.

Reference:
https://openssl.org/news/secadv/20160503.txt

Correction for Enea Linux 5.0:
http://git.enea.com/cgit/linux/poky.git/patch/?id=94e9e6a21b26c8bd0b194d4c2a65cbcb9464a553

How to get the latest patches
=============================
- If you have already cloned the needed repositories, update them to get
the new security patches.

cd Enea-Linux-5.0/poky
git pull

- If you have not yet cloned the needed repositories, do it as described
below. (All patches are fetched implicitly when cloning the repos.)

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy-enea git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy-enea git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy-enea git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy-enea git://git.enea.com/linux/meta-hierofalcon.git
git -C $POKY clone -b dizzy-enea git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy-enea git://git.enea.com/linux/meta-openembedded.git
git -C $POKY clone -b dizzy-enea git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy-enea git://git.enea.com/linux/meta-enea/meta-vt.git
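After pulling the patches and rebuilding, the quickest check that a target actually received the upgrade is to compare the banner printed by "openssl version" against the fixed versions this advisory names (1.0.1t for the 1.0.1 line, 1.0.2h for the 1.0.2 line). The script below is an added example, not part of the Enea advisory or of the OpenSSL project; the function names openssl_affected and letter_rank and the constructed sample banners are ours. It parses the OpenSSL 1.0.x "number plus patch letter" scheme and reports whether a given banner is still inside the affected range.

```shell
#!/bin/sh
# Added example (not from the Enea advisory): classify an "openssl version"
# banner against the fixed versions 1.0.1t / 1.0.2h listed in the advisory.
# Only the 1.0.1 and 1.0.2 lines are covered by that advisory; any other
# line is reported as "not in range" rather than guessed at.

# Map a 1.0.x patch letter (a..z) to its rank; no letter (e.g. "1.0.1") is 0.
letter_rank() {
    case "$1" in
        [a-z]) printf '%d\n' "$(( $(printf '%d' "'$1") - 96 ))" ;;
        *) echo 0 ;;
    esac
}

# openssl_affected BANNER
#   BANNER is the output of "openssl version", e.g. "OpenSSL 1.0.1p 9 Jul 2015".
#   Exit 0 if the version is before 1.0.1t (1.0.1 line) or before 1.0.2h
#   (1.0.2 line), 1 if it is at/after the fix or in a line this advisory
#   does not cover, 2 if the banner could not be parsed.
openssl_affected() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')
    [ -n "$ver" ] || return 2                    # not an OpenSSL banner
    base=$(printf '%s' "$ver" | sed 's/[a-z]*$//')   # e.g. 1.0.1
    letter=$(printf '%s' "$ver" | sed 's/^[0-9.]*//') # e.g. p (may be empty)
    case "$base" in
        1.0.1) fixed=t ;;
        1.0.2) fixed=h ;;
        *) return 1 ;;                           # outside this advisory's scope
    esac
    [ "$(letter_rank "$letter")" -lt "$(letter_rank "$fixed")" ]
}

# Stand-alone use: check the OpenSSL found on PATH, if any.
main() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not on PATH"; return 0; }
    banner=$(openssl version)
    if openssl_affected "$banner"; then
        echo "AFFECTED by this advisory: $banner (upgrade to 1.0.1t / 1.0.2h or later)"
    else
        echo "Not in this advisory's affected range: $banner"
    fi
}

main "$@"
```

Run it on the target (or feed it a captured banner by calling openssl_affected directly) after the rebuilt image is deployed; a result of "AFFECTED" means the image still carries a pre-1.0.1t / pre-1.0.2h library and the upgrade did not reach it.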

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
