what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2016-6306

Status Candidate

Overview

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

Related Files

Red Hat Security Advisory 2018-2186-01
Posted Jul 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2186-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.

tags | advisory, remote, web, sql injection
systems | linux, redhat
advisories | CVE-2016-2182, CVE-2016-6302, CVE-2016-6306, CVE-2016-7055, CVE-2017-3731, CVE-2017-3732, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738
SHA-256 | 3ae001c838be7fe63f3f17218120c104c0337869b4012d6ba095f9df05b116a8
Red Hat Security Advisory 2018-2185-01
Posted Jul 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2185-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include a remote SQL injection vulnerability.

tags | advisory, remote, web, sql injection
systems | linux, redhat
advisories | CVE-2016-2182, CVE-2016-6302, CVE-2016-6306, CVE-2016-7055, CVE-2017-3731, CVE-2017-3732, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738
SHA-256 | 7e87933107e4717883ce5385c59d3741b7ecc791f11d4f3340888ec72b50870b
Red Hat Security Advisory 2018-2187-01
Posted Jul 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2187-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include out-of-bounds access.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-2182, CVE-2016-6302, CVE-2016-6306, CVE-2016-7055, CVE-2017-3731, CVE-2017-3732, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738
SHA-256 | 3cf3a4008f8603285e63957d08f151b7215154836af4d8dfe0c8ddd59cc6c556
Gentoo Linux Security Advisory 201612-16
Posted Dec 7, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-16 - Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Versions less than 1.0.2j are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2183, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-7052
SHA-256 | 267f0c13083d309d4f011bd2771d90788d5f04ad963b99fcd180d27463f73d7a
Red Hat Security Advisory 2016-1940-01
Posted Sep 27, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1940-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.

tags | advisory, remote, protocol, memory leak
systems | linux, redhat
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306
SHA-256 | 19da4e9f2644bafd62ade81685cad4dbfebe84c91adc49693b780a7d22008e4e
Ubuntu Security Notice USN-3087-2
Posted Sep 23, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3087-2 - USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. CAsar Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL did not properly use constant-time operations when performing DSA signing. A remote attacker could possibly use this issue to perform a cache-timing attack and recover private DSA keys. Quan Luo discovered that OpenSSL did not properly restrict the lifetime of queue entries in the DTLS implementation. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. Shi Lei discovered that OpenSSL incorrectly handled memory in the TS_OBJ_print_bio function. A remote attacker could possibly use this issue to cause a denial of service. It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay feature. A remote attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
SHA-256 | 866a666b9c95f3a131d4f84a0275b8f76cab02d1c331b6dda84b16932f9b0d80
Ubuntu Security Notice USN-3087-1
Posted Sep 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3087-1 - Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS in this update. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
SHA-256 | 36a754a10b5e01cc0dee6ee9fc630a143ff6e890a747d866691c58d6bc39ec95
Debian Security Advisory 3673-1
Posted Sep 22, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3673-1 - Several vulnerabilities were discovered in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
SHA-256 | 097e35417672fd244d49ec1b5ad7ea3269ba4b14b613ec4f5f3f90843c6baef7
OpenSSL Toolkit 1.0.2i
Posted Sep 22, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: A large amount of security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
SHA-256 | 9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close