SB2016091929 - Denial of service in openssl (Alpine package)
Published: September 19, 2016
Security Bulletin ID
SB2016091929
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Denial of service (CVE-ID: CVE-2016-6303)
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.The weakness is caused by integer overflow in the MDC2_Update() function in 'crypto/mdc2/mdc2dgst.c'. By using large ammounts of input data attackers are able to trigger error in input length validation that leads to crash of the affected service.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3a3ffbd8e2b0a4b3e1b8fcf62f913a691bb4dae4
- https://git.alpinelinux.org/aports/commit/?id=a879e6eaf315a19b45fd424f12f9bf072b168946
- https://git.alpinelinux.org/aports/commit/?id=346532027d2b8b8d5cac13a2b7d86820dfaf34b7
- https://git.alpinelinux.org/aports/commit/?id=6ea715958d6486933e7cc3ca163e3d0691c9629d
- https://git.alpinelinux.org/aports/commit/?id=70b8770d37d514044077c7258c0e6e81aeeee5fe