SB2016030305 - Slackware Linux update for openssl
Published: March 3, 2016 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2016-0800)
The vulnerability allows a remote attacker to decrypt sensitive information.The vulnerability exists due to usage of weak SSLv2 protocol, which requires to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data. A remote attacker can decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle.
The vulnerability is dubbed "DROWN" attack.
2) Double free error (CVE-ID: CVE-2016-0705)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists due to double-free error when parsing DSA private keys. A remote attacker can trigger memory corruption and cause the service to crash.
3) Memory leak (CVE-ID: CVE-2016-0798)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the SRP_VBASE_get_by_user implementation in OpenSSL. A remote attacker can perform a denial of service attack (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c
4) Input validation error (CVE-ID: CVE-2016-0797)
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
5) Buffer overflow (CVE-ID: CVE-2016-0799)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to fmtstr function in crypto/bio/b_print.c in OpenSSL improperly calculates string lengths. A remote attacker can cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string.
6) Information disclosure (CVE-ID: CVE-2016-0702)
The vulnerability allows a local attacker to decrypt data passed via encrypted SSL connection.The vulnerability exists in the MOD_EXP_CTIME_COPY_FROM_PREBUF() function in crypto/bn/bn_exp.c. The application does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts.
The vulnerability was dubbed "CacheBleed".
Remediation
Install update from vendor's website.