[manjaro-security] [arch-security] [ASA-201603-2] openssl: multiple issues

Levente Polyak anthraxx at archlinux.org
Mon Mar 7 01:04:07 CET 2016

Arch Linux Security Advisory ASA-201603-2

Severity: High
Date    : 2016-03-07
CVE-ID  : CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 CVE-2016-0798
          CVE-2016-0799 CVE-2016-0800
Package : openssl
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE


The package openssl before version 1.0.2.g-3 is vulnerable to multiple
issues including but not limited to private key extraction, denial of
service, arbitrary code execution, resource consumption and
cross-protocol attacks leading to cipher text decryption.


Upgrade to 1.0.2.g-3.

# pacman -Syu "openssl>=1.0.2.g-3"

The problems have been fixed upstream in version 1.0.2.g-3.




- CVE-2016-0702 (private key extraction)

A side-channel attack was found that makes use of cache-bank conflicts
on the Intel Sandy-Bridge microarchitecture. An attacker who has the
ability to control code in a thread running on the same hyper-threaded
core as the victim's thread that is performing decryption, could use
this flaw to recover RSA private keys.

- CVE-2016-0705 (denial of service)

A double-free flaw was found in the way OpenSSL parsed certain malformed
DSA (Digital Signature Algorithm) private keys. An attacker could create
specially crafted DSA private keys that, when processed by an
application compiled against OpenSSL, could cause the application to crash.

- CVE-2016-0797 (arbitrary code execution)

An integer overflow flaw, leading to a NULL pointer dereference or a
heap-based memory corruption, was found in the way some BIGNUM functions
of OpenSSL were implemented. Applications that use these functions with
large untrusted input could crash or, potentially, execute arbitrary code.

- CVE-2016-0798 (resource consumption)

A memory leak flaw was found in the way OpenSSL performed SRP user
database look-ups using the SRP_VBASE_get_by_user() function. A remote
attacker connecting to certain SRP servers with an invalid user name
could leak approximately 300 bytes of the server's memory per connection.

- CVE-2016-0799 (denial of service)

The fmtstr function in crypto/bio/b_print.c improperly calculates string
lengths, which allows remote attackers to cause a denial of service
(overflow and out-of-bounds read) or possibly have unspecified other
impact via a long string, as demonstrated by a large amount of ASN.1
data, a different vulnerability than CVE-2016-2842.

- CVE-2016-0800 (cross-protocol attack)

A padding oracle flaw was found in the Secure Sockets Layer version 2.0
(SSLv2) protocol. An attacker can potentially use this flaw to decrypt
RSA-encrypted cipher text from a connection using a newer SSL/TLS
protocol version, allowing them to decrypt such connections. This
cross-protocol attack is publicly referred to as DROWN.


A remote attacker is able to use multiple issues to perform a denial of
service attack, trigger a memory leak resulting in resource consumption,
use a cross-protocol attack that is leading to cipher text decryption or
possibly execute arbitrary code under certain circumstances.
Furthermore a local attacker may be able to extract the RSA private key
by running code in a thread that is running on the same hyper-threaded
core as the victim's thread that is performing decryption.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20160307/564d2285/attachment.pgp>

More information about the manjaro-security mailing list