CVE-2017-3732

Related Files

FreeBSD Security Advisory - FreeBSD-SA-17:02.openssl

Posted Feb 23, 2017

Site security.freebsd.org

FreeBSD Security Advisory - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. Various other issues have also been identified.

tags | advisory

systems | freebsd, bsd

advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732

MD5 | 61e028674e75cf79a6ef2b0daf4f97e0

Download | Favorite | Comments (0)

Gentoo Linux Security Advisory 201702-07

Posted Feb 14, 2017

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-7 - Multiple vulnerabilities have been found in OpenSSL, the worst of which might allow attackers to access sensitive information. Versions less than 1.0.2k are affected.

tags | advisory, vulnerability

systems | linux, gentoo

advisories | CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732

MD5 | c6bf4dc6a719248f0294007cdff98ed7

Download | Favorite | Comments (0)

Slackware Security Advisory - openssl Updates

Posted Feb 13, 2017

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory

systems | linux, slackware

advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732

MD5 | 443590d470a124a7e37f1eb84463977d

Download | Favorite | Comments (0)

Ubuntu Security Notice USN-3181-1

Posted Feb 1, 2017

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3181-1 - Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS as other releases were fixed in a previous security update. It was discovered that OpenSSL did not properly handle Montgomery multiplication, resulting in incorrect results leading to transient failures. This issue only applied to Ubuntu 16.04 LTS, and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2016-2177, CVE-2016-7055, CVE-2016-7056, CVE-2016-8610, CVE-2017-3731, CVE-2017-3732

MD5 | 0f9680e2f4dbf5ff74ebda76238f5372

Download | Favorite | Comments (0)

OpenSSL Toolkit 1.0.2k

Posted Jan 26, 2017

Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Bug fixes for an out-of-bounds read, a carry propagating bug, and multiple other issues.

tags | tool, encryption, protocol

systems | unix

advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732

MD5 | f965fc0bf01bf882b31314b61391ae65

Download | Favorite | Comments (0)