Details of VAR-201605-0075

ID

VAR-201605-0075

CVE

CVE-2016-2105

TITLE

HPE Security Bulletin HPESBHF03756 1

Trust: 0.1

sources: PACKETSTORM: 142803

DESCRIPTION

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03756en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03756en_us Version: 1 HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-06-05 Last Updated: 2017-06-05 Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. References: - CVE-2016-2105 - Remote Denial of Service (DoS) - CVE-2016-2106 - Remote Denial of Service (DoS) - CVE-2016-2107 - Remote disclosure of sensitive information - CVE-2016-2108 - Remote Denial of Service (DoS) - CVE-2016-2109 - Remote Denial of Service (DoS) - CVE-2016-2176 - Remote Denial of Service (DoS) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products. - Comware v7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products. - HP Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products. BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-2105 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2106 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2107 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) CVE-2016-2108 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-2109 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE-2016-2176 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has made the following software updates available to resolve the vulnerabilities in the Comware 7, iMC and VCX products running OpenSSL. **COMWARE 7 Products** + 12500 (Comware 7) - Version: R7377P02 * HP Network Products - JC072B HP 12500 Main Processing Unit - JC085A HP A12518 Switch Chassis - JC086A HP A12508 Switch Chassis - JC652A HP 12508 DC Switch Chassis - JC653A HP 12518 DC Switch Chassis - JC654A HP 12504 AC Switch Chassis - JC655A HP 12504 DC Switch Chassis - JF430A HP A12518 Switch Chassis - JF430B HP 12518 Switch Chassis - JF430C HP 12518 AC Switch Chassis - JF431A HP A12508 Switch Chassis - JF431B HP 12508 Switch Chassis - JF431C HP 12508 AC Switch Chassis - JG497A HP 12500 MPU w/Comware V7 OS - JG782A HP FF 12508E AC Switch Chassis - JG783A HP FF 12508E DC Switch Chassis - JG784A HP FF 12518E AC Switch Chassis - JG785A HP FF 12518E DC Switch Chassis - JG802A HP FF 12500E MPU * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 10500 (Comware 7) - Version: R7184 * HP Network Products - JC611A HP 10508-V Switch Chassis - JC612A HP 10508 Switch Chassis - JC613A HP 10504 Switch Chassis - JC748A HP 10512 Switch Chassis - JG608A HP FlexFabric 11908-V Switch Chassis - JG609A HP FlexFabric 11900 Main Processing Unit - JG820A HP 10504 TAA Switch Chassis - JG821A HP 10508 TAA Switch Chassis - JG822A HP 10508-V TAA Switch Chassis - JG823A HP 10512 TAA Switch Chassis - JG496A HP 10500 Type A MPU w/Comware v7 OS - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 5900/5920 (Comware 7) - Version: R2422P02 * HP Network Products - JC772A HP 5900AF-48XG-4QSFP+ Switch - JG296A HP 5920AF-24XG Switch - JG336A HP 5900AF-48XGT-4QSFP+ Switch - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch - JG555A HP 5920AF-24XG TAA Switch - JG838A HP FF 5900CP-48XG-4QSFP+ Switch - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + MSR1000 (Comware 7) - Version: R0306P52 * HP Network Products - JG875A HP MSR1002-4 AC Router - JH060A HP MSR1003-8S AC Router * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + MSR2000 (Comware 7) - Version: R0306P52 * HP Network Products - JG411A HP MSR2003 AC Router - JG734A HP MSR2004-24 AC Router - JG735A HP MSR2004-48 Router - JG866A HP MSR2003 TAA-compliant AC Router * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + MSR3000 (Comware 7) - Version: R0306P52 * HP Network Products - JG404A HP MSR3064 Router - JG405A HP MSR3044 Router - JG406A HP MSR3024 AC Router - JG407A HP MSR3024 DC Router - JG408A HP MSR3024 PoE Router - JG409A HP MSR3012 AC Router - JG410A HP MSR3012 DC Router - JG861A HP MSR3024 TAA-compliant AC Router * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + MSR4000 (Comware 7) - Version: R0306P52 * HP Network Products - JG402A HP MSR4080 Router Chassis - JG403A HP MSR4060 Router Chassis - JG412A HP MSR4000 MPU-100 Main Processing Unit - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + VSR (Comware 7) - Version: E0324 * HP Network Products - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software - JG811AAE HP VSR1001 Comware 7 Virtual Services Router - JG812AAE HP VSR1004 Comware 7 Virtual Services Router - JG813AAE HP VSR1008 Comware 7 Virtual Services Router * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 7900 (Comware 7) - Version: R2152 * HP Network Products - JG682A HP FlexFabric 7904 Switch Chassis - JG841A HP FlexFabric 7910 Switch Chassis - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 5130 (Comware 7) - Version: R3115 * HP Network Products - JG932A HP 5130-24G-4SFP+ EI Switch - JG933A HP 5130-24G-SFP-4SFP+ EI Switch - JG934A HP 5130-48G-4SFP+ EI Switch - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch - JG938A HP 5130-24G-2SFP+-2XGT EI Switch - JG939A HP 5130-48G-2SFP+-2XGT EI Switch - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch - JG975A HP 5130-24G-4SFP+ EI Brazil Switch - JG976A HP 5130-48G-4SFP+ EI Brazil Switch - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 6125XLG - Version: R2422P02 * HP Network Products - 711307-B21 HP 6125XLG Blade Switch - 737230-B21 HP 6125XLG Blade Switch with TAA * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 6127XLG - Version: R2422P02 * HP Network Products - 787635-B21 HP 6127XLG Blade Switch Opt Kit - 787635-B22 HP 6127XLG Blade Switch with TAA * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + Moonshot - Version: R2432 * HP Network Products - 786617-B21 - HP Moonshot-45Gc Switch Module - 704654-B21 - HP Moonshot-45XGc Switch Module - 786619-B21 - HP Moonshot-180XGc Switch Module * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 5700 (Comware 7) - Version: R2422P02 * HP Network Products - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 5930 (Comware 7) - Version: R2422P02 * HP Network Products - JG726A HP FlexFabric 5930 32QSFP+ Switch - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch - JH179A HP FlexFabric 5930 4-slot Switch - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 1950 (Comware 7) - Version: R3115 * HP Network Products - JG960A HP 1950-24G-4XG Switch - JG961A HP 1950-48G-2SFP+-2XGT Switch - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 7500 (Comware 7) - Version: R7184 * HP Network Products - JD238C HP 7510 Switch Chassis - JD239C HP 7506 Switch Chassis - JD240C HP 7503 Switch Chassis - JD242C HP 7502 Switch Chassis - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit - JH208A HP 7502 Main Processing Unit - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 5510HI (Comware 7) - Version: R1120P10 * HP Network Products - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 5130HI (Comware 7) - Version: R1120P10 * HP Network Products - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 5940 - Version: R2509 * HP Network Products - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch - JH396A HPE FlexFabric 5940 32QSFP+ Switch - JH397A HPE FlexFabric 5940 2-slot Switch - JH398A HPE FlexFabric 5940 4-slot Switch * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 + 5950 - Version: R6123 * HP Network Products - JH321A HPE FlexFabric 5950 32QSFP28 Switch - JH402A HPE FlexFabric 5950 48SFP28 8QSFP28 Switch - JH404A HPE FlexFabric 5950 4-slot Switch + 12900E (Comware 7) - Version: R2609 * HP Network Products - JG619A HP FlexFabric 12910 Switch AC Chassis - JG621A HP FlexFabric 12910 Main Processing Unit - JG632A HP FlexFabric 12916 Switch AC Chassis - JG634A HP FlexFabric 12916 Main Processing Unit - JH104A HP FlexFabric 12900E Main Processing Unit - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit - JH263A HP FlexFabric 12904E Main Processing Unit - JH255A HP FlexFabric 12908E Switch Chassis - JH262A HP FlexFabric 12904E Switch Chassis - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis - JH103A HP FlexFabric 12916E Switch Chassis * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2107 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 **iMC Products** + iNode PC 7.2 (E0410) - Version: 7.2 E0410 * HP Network Products - JD144A HP A-IMC User Access Management Software Module with 200-user License - JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License - JD435A HP A-IMC Endpoint Admission Defense Client Software - JF388A HP IMC User Authentication Management Software Module with 200-user License - JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU - JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License - JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU - JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU - JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU * CVEs - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 + iMC UAM_TAM 7.2-E0409 - Version: 7.2 E0409 * HP Network Products - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU * CVEs - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 **VCX Products** + VCX - Version: 9.8.19 * HP Network Products - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr - JC517A HP VCX V7205 Platform w/DL 360 G6 Server - JE355A HP VCX V6000 Branch Platform 9.0 - JC516A HP VCX V7005 Platform w/DL 120 G6 Server - JC518A HP VCX Connect 200 Primry 120 G6 Server - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr - JE341A HP VCX Connect 100 Secondary - JE252A HP VCX Connect Primary MIM Module - JE253A HP VCX Connect Secondary MIM Module - JE254A HP VCX Branch MIM Module - JE355A HP VCX V6000 Branch Platform 9.0 - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod - JD023A HP MSR30-40 Router with VCX MIM Module - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS - JE340A HP VCX Connect 100 Pri Server 9.0 - JE342A HP VCX Connect 100 Sec Server 9.0 * CVEs - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2108 - CVE-2016-2109 - CVE-2016-2176 **Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates. HISTORY Version:1 (rev.1) - 2 June 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. After installing the updated packages, the httpd daemon will be restarted automatically. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201612-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2j >= 1.0.2j Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j" References ========== [ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201612-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0996-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0996.html Issue date: 2016-05-10 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm ppc64: openssl-1.0.1e-48.el6_8.1.ppc.rpm openssl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc.rpm openssl-devel-1.0.1e-48.el6_8.1.ppc64.rpm s390x: openssl-1.0.1e-48.el6_8.1.s390.rpm openssl-1.0.1e-48.el6_8.1.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-devel-1.0.1e-48.el6_8.1.s390.rpm openssl-devel-1.0.1e-48.el6_8.1.s390x.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm ppc64: openssl-debuginfo-1.0.1e-48.el6_8.1.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.1.ppc64.rpm openssl-static-1.0.1e-48.el6_8.1.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-48.el6_8.1.s390x.rpm openssl-perl-1.0.1e-48.el6_8.1.s390x.rpm openssl-static-1.0.1e-48.el6_8.1.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: openssl-1.0.1e-48.el6_8.1.src.rpm i386: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-1.0.1e-48.el6_8.1.i686.rpm openssl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.1.i686.rpm openssl-devel-1.0.1e-48.el6_8.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: openssl-debuginfo-1.0.1e-48.el6_8.1.i686.rpm openssl-perl-1.0.1e-48.el6_8.1.i686.rpm openssl-static-1.0.1e-48.el6_8.1.i686.rpm x86_64: openssl-debuginfo-1.0.1e-48.el6_8.1.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.1.x86_64.rpm openssl-static-1.0.1e-48.el6_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMXPXXlSAg2UNWIIRAmqpAJ4sxaxPc4fbLjR32h/PW1fxwOZG7ACgtaSz 6dbI0EemYRoHCDagPHSycq4= =g2Zb -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. This could lead to a heap corruption. This could lead to a heap corruption. CVE-2016-2107 Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC. CVE-2016-2108 David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write. CVE-2016-2109 Brian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. CVE-2016-2176 Guido Vranken discovered that ASN.1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Additional information about these issues can be found in the OpenSSL security advisory at https://www.openssl.org/news/secadv/20160503.txt For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u5. For the unstable distribution (sid), these problems have been fixed in version 1.0.2h-1. We recommend that you upgrade your openssl packages. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. The JBoss server process must be restarted for the update to take effect. (CVE-2016-2108) * Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195) * A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106) * It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109) * It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses the following: apache_mod_php Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in PHP versions prior to 5.5.36. These were addressed by updating PHP to version 5.5.36. CVE-2016-4650 Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4647 : Juwei Lin (@fuzzerDOTcn) of Trend Micro Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read was addressed through improved input validation. CVE-2016-4648 : Juwei Lin(@fuzzerDOTcn) of Trend Micro Audio Available for: OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted audio file may lead to the disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2016-4646 : Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative Audio Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4649 : Juwei Lin(@fuzzerDOTcn) of Trend Micro bsdiff Available for: OS X El Capitan v10.11 and later Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow existed in bspatch. This issue was addressed through improved bounds checking. CVE-2014-9862 : an anonymous researcher CFNetwork Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed through improved restrictions. CVE-2016-4645 : Abhinav Bansal of Zscaler Inc. CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: A memory corruption issue was addressed through improved memory handling. CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CoreGraphics Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to elevate privileges Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-2016-4652 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative FaceTime Available for: OS X El Capitan v10.11 and later Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic. CVE-2016-4635 : Martin Vigo Graphics Drivers Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4634 : Stefan Esser of SektionEins ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to cause a denial of service Description: A memory consumption issue was addressed through improved memory handling. CVE-2016-4632 : Evgeny Sidorov of Yandex ImageIO Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4631 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4629 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) CVE-2016-4630 : Tyler Bohan of Cisco Talos (talosintel.com /vulnerability-reports) Intel Graphics Driver Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4633 : an anonymous researcher IOHIDFamily Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-2016-4626 : Stefan Esser of SektionEins IOSurface Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A use-after-free was addressed through improved memory management. CVE-2016-4625 : Ian Beer of Google Project Zero Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1863 : Ian Beer of Google Project Zero CVE-2016-1864 : Ju Zhu of Trend Micro CVE-2016-4582 : Shrek_wzw and Proteas of Qihoo 360 Nirvan Team Kernel Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation. CVE-2016-1865 : CESG, Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent libc++abi Available for: OS X El Capitan v10.11 and later Impact: An application may be able to execute arbitrary code with root privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4621 : an anonymous researcher libexpat Available for: OS X El Capitan v10.11 and later Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-0718 : Gustavo Grieco LibreSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7. CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google) Mark Brand, Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation. CVE-2016-4449 : Kostya Serebryany libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University CVE-2016-4448 : Apple CVE-2016-4483 : Gustavo Grieco CVE-2016-4614 : Nick Wellnhofe CVE-2016-4615 : Nick Wellnhofer CVE-2016-4616 : Michael Paddon CVE-2016-4619 : Hanno Boeck libxslt Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-1684 : Nicolas GrA(c)goire CVE-2016-4607 : Nick Wellnhofer CVE-2016-4608 : Nicolas GrA(c)goire CVE-2016-4609 : Nick Wellnhofer CVE-2016-4610 : Nick Wellnhofer CVE-2016-4612 : Nicolas GrA(c)goire Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4640 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to execute arbitrary code leading to the compromise of user information Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4641 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A local user may be able to cause a denial of service Description: A memory initialization issue was addressed through improved memory handling. CVE-2016-4639 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative Login Window Available for: OS X El Capitan v10.11 and later Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed through improved memory handling. CVE-2016-4638 : Yubin Fu of Tencent KeenLab working with Trend Micro's Zero Day Initiative OpenSSL Available for: OS X El Capitan v10.11 and later Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8. CVE-2016-2105 : Guido Vranken CVE-2016-2106 : Guido Vranken CVE-2016-2107 : Juraj Somorovsky CVE-2016-2108 : Huzaifa Sidhpurwala (Red Hat), Hanno Boeck, David Benjamin (Google), Mark Brand and Ian Beer of Google Project Zero CVE-2016-2109 : Brian Carpenter CVE-2016-2176 : Guido Vranken QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4596 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4597 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4600 : Ke Liu of Tencent's Xuanwu Lab CVE-2016-4602 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4598 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted SGI file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4601 : Ke Liu of Tencent's Xuanwu Lab QuickTime Available for: OS X El Capitan v10.11 and later Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2016-4599 : Ke Liu of Tencent's Xuanwu Lab Safari Login AutoFill Available for: OS X El Capitan v10.11 and later Impact: A user's password may be visible on screen Description: An issue existed in Safari's password auto-fill. This issue was addressed through improved matching of form fields. CVE-2016-4595 : Jonathan Lewis from DeARX Services (PTY) LTD Sandbox Profiles Available for: OS X El Capitan v10.11 and later Impact: A local application may be able to access the process list Description: An access issue existed with privileged API calls. This issue was addressed through additional restrictions. CVE-2016-4594 : Stefan Esser of SektionEins Note: OS X El Capitan 10.11.6 includes the security content of Safari 9.1.2. For further details see https://support.apple.com/kb/HT206900 OS X El Capitan v10.11.6 and Security Update 2016-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXjXAvAAoJEIOj74w0bLRG/5EP/2v9SJTrO+/4b3A1gqC1ch8y +cJ04tXRsO7rvjKT5nCylo30U0Sanz/bUbDx4559YS7/P/IyeyZVheaTJwK8wzEy pSOPpy35hUuVIw0/p4YsuHDThSBPFMmDljTxH7elkfuBV1lPSrCkyDXc0re2HxWV xj68zAxtM0jkkhgcxb2ApZSZVXhrjUZtbY0xEVOoWKKFwbMvKfx+4xSqunwQeS1u wevs1EbxfvsZbc3pG+xYcOonbegBzOy9aCvNO1Yv1zG+AYXC5ERMq1vk3PsWOTQN ZVY1I7mvCaEfvmjq2isRw8XYapAIKISDLwMKBSYrZDQFwPQLRi1VXxQZ67Kq1M3k ah04/lr0RIcoosIcBqxD2+1UAFjUzEUNFkYivjhuaeegN2QdL7Ujegf1QjdAt8lk mmKduxYUDOaRX50Kw7n14ZveJqzE1D5I6QSItaZ9M1vR60a7u91DSj9D87vbt1YC JM/Rvf/4vonp1NjwA2JQwCiZfYliBDdn9iiCl8mzxdsSRD/wXcZCs05nnKmKsCfc 55ET7IwdG3622lVheOJGQZuucwJiTn36zC11XVzZysQd/hLD5rUKUQNX1WOgZdzs xPsslXF5MWx9jcdyWVSWxDrN0sFk+GpQFQDuVozP60xuxqR3qQ0TXir2NP39uIF5 YozOGPQFmX0OviWCQsX6 =ng+m -----END PGP SIGNATURE----- . The References section of this erratum contains a download link (you must log in to download the update)

Trust: 1.89

sources: NVD: CVE-2016-2105 // VULHUB: VHN-90924 // VULMON: CVE-2016-2105 // PACKETSTORM: 142803 // PACKETSTORM: 138472 // PACKETSTORM: 140056 // PACKETSTORM: 136958 // PACKETSTORM: 136893 // PACKETSTORM: 139114 // PACKETSTORM: 139167 // PACKETSTORM: 137958 // PACKETSTORM: 139116

AFFECTED PRODUCTS

vendor:	opensuse	model:	leap	scope:	eq	version:	42.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.10	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1p	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.10.45	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1f	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.10.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1l	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1d	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1c	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.2	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2d	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1g	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.12.14	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1s	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2b	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2c	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1q	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2e	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2g	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	5.11.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1b	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	5.6.30	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	5.7.12	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.5	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.12.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.2.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1h	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	4.1.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1j	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1o	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1e	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	4.4.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2f	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1i	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1r	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1k	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1n	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1m	Trust: 1.0

sources: NVD: CVE-2016-2105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2105
value:	HIGH
Trust: 1.0
VULHUB:	VHN-90924
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-2105
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-2105
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-90924
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2105
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-90924 // VULMON: CVE-2016-2105 // NVD: CVE-2016-2105

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	CWE-189	Trust: 0.1

sources: VULHUB: VHN-90924 // NVD: CVE-2016-2105

TYPE

arbitrary

Trust: 0.2

sources: PACKETSTORM: 136958 // PACKETSTORM: 139167

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90924

PATCH

title:	The Register	url:	https://www.theregister.co.uk/2016/05/03/openssl_patches/	Trust: 0.2
title:	Red Hat: Important: openssl security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162073 - Security Advisory	Trust: 0.1
title:	Red Hat: CVE-2016-2105	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-2105	Trust: 0.1
title:	Ubuntu Security Notice: openssl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2959-1	Trust: 0.1
title:	Debian Security Advisories: DSA-3566-1 openssl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=055972eb84483959232c972f757685e0	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-695	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-695	Trust: 0.1
title:	Tenable Security Advisories: [R5] OpenSSL '20160503' Advisory Affects Tenable Products	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-10	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162957 - Security Advisory	Trust: 0.1
title:	IBM: IBM Security Bulletin: Fabric OS firmware for Brocade 8Gb SAN Switch Module for BladeCenter is affected by vulnerabilities in OpenSSL and OpenSSH	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=b7f5b1e7edcafce07f28205855d4db49	Trust: 0.1
title:	Forcepoint Security Advisories: CVE-2016-2105, 2106, 2107, 2108, 2109, 2176 -- Security Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=01fd01e3d154696ffabfde89f4142310	Trust: 0.1
title:	Tenable Security Advisories: [R3] PVS 5.1.0 Fixes Multiple Third-party Library Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-13	Trust: 0.1
title:	Symantec Security Advisories: SA123 : OpenSSL Vulnerabilities 3-May-2016	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=5d65f6765e60e5fe9e6998a5bde1aadc	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - April 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=83bbd91f8369c8f064e6d68dac68400f	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=0bd8c924b56aac98dda0f5b45f425f38	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a31bff03e9909229fd67996884614fdf	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=3a04485ebb79f7fbc2472bf9af5ce489	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - April 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=143b3fb255063c81571469eaa3cf0a87	Trust: 0.1
title:	Tenable Security Advisories: [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-18	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=6c15273f6bf4a785175f27073b98a1ce	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=976a4da35d55283870dbb31b88a6c655	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=05aabe19d38058b7814ef5514aab4c0c	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - January 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2017	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=2f446a7e1ea263c0c3a365776c6713f2	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2016-2105	Trust: 0.1
title:	changelog	url:	https://github.com/securityrouter/changelog	Trust: 0.1
title:	alpine-cvecheck	url:	https://github.com/tomwillfixit/alpine-cvecheck	Trust: 0.1
title:	-	url:	https://github.com/imhunterand/hackerone-publicy-disclosed	Trust: 0.1
title:	satellite-host-cve	url:	https://github.com/RedHatSatellite/satellite-host-cve	Trust: 0.1

sources: VULMON: CVE-2016-2105

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2105	Trust: 2.1
db:	BID	id:	91787	Trust: 1.2
db:	BID	id:	89757	Trust: 1.2
db:	SECTRACK	id:	1035721	Trust: 1.2
db:	MCAFEE	id:	SB10160	Trust: 1.2
db:	PACKETSTORM	id:	136912	Trust: 1.2
db:	TENABLE	id:	TNS-2016-18	Trust: 1.2
db:	SIEMENS	id:	SSA-412672	Trust: 1.2
db:	JUNIPER	id:	JSA10759	Trust: 1.2
db:	PACKETSTORM	id:	142803	Trust: 0.2
db:	PACKETSTORM	id:	138472	Trust: 0.2
db:	PACKETSTORM	id:	136893	Trust: 0.2
db:	PACKETSTORM	id:	140056	Trust: 0.2
db:	PACKETSTORM	id:	143513	Trust: 0.1
db:	PACKETSTORM	id:	136895	Trust: 0.1
db:	PACKETSTORM	id:	138471	Trust: 0.1
db:	PACKETSTORM	id:	136919	Trust: 0.1
db:	PACKETSTORM	id:	139379	Trust: 0.1
db:	CNNVD	id:	CNNVD-201605-081	Trust: 0.1
db:	VULHUB	id:	VHN-90924	Trust: 0.1
db:	ICS CERT	id:	ICSA-22-349-21	Trust: 0.1
db:	VULMON	id:	CVE-2016-2105	Trust: 0.1
db:	PACKETSTORM	id:	136958	Trust: 0.1
db:	PACKETSTORM	id:	139114	Trust: 0.1
db:	PACKETSTORM	id:	139167	Trust: 0.1
db:	PACKETSTORM	id:	137958	Trust: 0.1
db:	PACKETSTORM	id:	139116	Trust: 0.1

sources: VULHUB: VHN-90924 // VULMON: CVE-2016-2105 // PACKETSTORM: 142803 // PACKETSTORM: 138472 // PACKETSTORM: 140056 // PACKETSTORM: 136958 // PACKETSTORM: 136893 // PACKETSTORM: 139114 // PACKETSTORM: 139167 // PACKETSTORM: 137958 // PACKETSTORM: 139116 // NVD: CVE-2016-2105

REFERENCES

url:	https://www.openssl.org/news/secadv/20160503.txt	Trust: 1.3
url:	https://security.gentoo.org/glsa/201612-16	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2016-0996.html	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2016-1649.html	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2016-2056.html	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2016-2073.html	Trust: 1.3
url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html	Trust: 1.2
url:	http://www.securityfocus.com/bid/89757	Trust: 1.2
url:	http://www.securityfocus.com/bid/91787	Trust: 1.2
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl	Trust: 1.2
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Trust: 1.2
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 1.2
url:	https://bto.bluecoat.com/security-advisory/sa123	Trust: 1.2
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	Trust: 1.2
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149	Trust: 1.2
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722	Trust: 1.2
url:	https://security.netapp.com/advisory/ntap-20160504-0001/	Trust: 1.2
url:	https://source.android.com/security/bulletin/pixel/2017-11-01	Trust: 1.2
url:	https://support.apple.com/ht206903	Trust: 1.2
url:	https://www.tenable.com/security/tns-2016-18	Trust: 1.2
url:	http://www.debian.org/security/2016/dsa-3566	Trust: 1.2
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html	Trust: 1.2
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html	Trust: 1.2
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html	Trust: 1.2
url:	https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc	Trust: 1.2
url:	http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2016-0722.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2016-1648.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2016-1650.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2016-2957.html	Trust: 1.2
url:	http://www.securitytracker.com/id/1035721	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-2959-1	Trust: 1.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10160	Trust: 1.1
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	Trust: 1.1
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 1.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03756en_us	Trust: 1.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03765en_us	Trust: 1.1
url:	https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2106	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2105	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2108	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2109	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2107	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-2106	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-2105	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2176	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-2109	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-2108	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-3110	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3110	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2016-2107	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0799	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-2842	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-0799	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2842	Trust: 0.2
url:	https://access.redhat.com/articles/2688611	Trust: 0.2
url:	https://access.redhat.com/solutions/222023	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4459	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-4000	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4000	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3195	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3183	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-4459	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-3195	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-3183	Trust: 0.2
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 0.1
url:	https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03756en_us	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03765en_us	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10160	Trust: 0.1
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2016-2105	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2016:2073	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/securityrouter/changelog	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=47151	Trust: 0.1
url:	https://usn.ubuntu.com/2959-1/	Trust: 0.1
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.1
url:	https://www.hpe.com/info/report-security-vulnerability	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03756en_us	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499	Trust: 0.1
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5387	Trust: 0.1
url:	https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5387	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/2.1/html/2.1.1_release_notes/index.html	Trust: 0.1
url:	https://access.redhat.com/security/vulnerabilities/httpoxy	Trust: 0.1
url:	https://access.redhat.com/site/documentation/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2180	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2178	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2177	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7052	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6306	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6304	Trust: 0.1
url:	http://eprint.iacr.org/2016/594.pdf	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6305	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2183	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-2054.html	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0718	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4599	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4601	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4449	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4483	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1836	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4600	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1865	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4597	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4596	Trust: 0.1
url:	http://www.apple.com/support/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4447	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1863	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4582	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4595	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1864	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9862	Trust: 0.1
url:	http://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4607	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4448	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4598	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1684	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4602	Trust: 0.1
url:	https://support.apple.com/kb/ht206900	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4594	Trust: 0.1
url:	https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/	Trust: 0.1

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 138472 // PACKETSTORM: 136958 // PACKETSTORM: 139114 // PACKETSTORM: 139167 // PACKETSTORM: 139116

SOURCES

db:	VULHUB	id:	VHN-90924
db:	VULMON	id:	CVE-2016-2105
db:	PACKETSTORM	id:	142803
db:	PACKETSTORM	id:	138472
db:	PACKETSTORM	id:	140056
db:	PACKETSTORM	id:	136958
db:	PACKETSTORM	id:	136893
db:	PACKETSTORM	id:	139114
db:	PACKETSTORM	id:	139167
db:	PACKETSTORM	id:	137958
db:	PACKETSTORM	id:	139116
db:	NVD	id:	CVE-2016-2105

LAST UPDATE DATE

2025-07-09T20:49:12.367000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90924	date:	2022-12-13T00:00:00
db:	VULMON	id:	CVE-2016-2105	date:	2023-11-07T00:00:00
db:	NVD	id:	CVE-2016-2105	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90924	date:	2016-05-05T00:00:00
db:	VULMON	id:	CVE-2016-2105	date:	2016-05-05T00:00:00
db:	PACKETSTORM	id:	142803	date:	2017-06-05T18:18:00
db:	PACKETSTORM	id:	138472	date:	2016-08-22T23:24:00
db:	PACKETSTORM	id:	140056	date:	2016-12-07T16:37:31
db:	PACKETSTORM	id:	136958	date:	2016-05-10T17:01:56
db:	PACKETSTORM	id:	136893	date:	2016-05-03T22:55:47
db:	PACKETSTORM	id:	139114	date:	2016-10-12T20:16:45
db:	PACKETSTORM	id:	139167	date:	2016-10-18T13:58:46
db:	PACKETSTORM	id:	137958	date:	2016-07-19T19:45:20
db:	PACKETSTORM	id:	139116	date:	2016-10-12T23:44:55
db:	NVD	id:	CVE-2016-2105	date:	2016-05-05T01:59:01.200