Details of VAR-201605-0075

ID

VAR-201605-0075

CVE

CVE-2016-2105

TITLE

OpenSSL of crypto/evp/encode.c of EVP_EncodeUpdate Integer overflow vulnerability in functions

Trust: 0.8

sources: JVNDB: JVNDB-2016-002472

DESCRIPTION

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201612-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 07, 2016 Bugs: #581234, #585142, #585276, #591454, #592068, #592074, #592082, #594500, #595186 ID: 201612-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.2j >= 1.0.2j Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers and the International Association for Cryptologic Research's (IACR) paper, "Make Sure DSA Signing Exponentiations Really are Constant-Time" for further details. Additionally, a time based side-channel attack may allow a local attacker to recover a private DSA key. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.2j" References ========== [ 1 ] CVE-2016-2105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2105 [ 2 ] CVE-2016-2106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2106 [ 3 ] CVE-2016-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2107 [ 4 ] CVE-2016-2108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2108 [ 5 ] CVE-2016-2109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2109 [ 6 ] CVE-2016-2176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2176 [ 7 ] CVE-2016-2177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177 [ 8 ] CVE-2016-2178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2178 [ 9 ] CVE-2016-2180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2180 [ 10 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 11 ] CVE-2016-6304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6304 [ 12 ] CVE-2016-6305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6305 [ 13 ] CVE-2016-6306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6306 [ 14 ] CVE-2016-7052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7052 [ 15 ] Make Sure DSA Signing Exponentiations Really are Constant-Time http://eprint.iacr.org/2016/594.pdf Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201612-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . 6) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2016:0722-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0722.html Issue date: 2016-05-09 CVE Names: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842 ===================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106) * It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107) * Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842) * A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.1e-51.el7_2.5.src.rpm x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.1e-51.el7_2.5.src.rpm x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.1e-51.el7_2.5.src.rpm ppc64: openssl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64.rpm ppc64le: openssl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.5.ppc64le.rpm s390x: openssl-1.0.1e-51.el7_2.5.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-devel-1.0.1e-51.el7_2.5.s390.rpm openssl-devel-1.0.1e-51.el7_2.5.s390x.rpm openssl-libs-1.0.1e-51.el7_2.5.s390.rpm openssl-libs-1.0.1e-51.el7_2.5.s390x.rpm x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64.rpm openssl-static-1.0.1e-51.el7_2.5.ppc.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64.rpm ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.5.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.5.ppc64le.rpm s390x: openssl-debuginfo-1.0.1e-51.el7_2.5.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.s390x.rpm openssl-perl-1.0.1e-51.el7_2.5.s390x.rpm openssl-static-1.0.1e-51.el7_2.5.s390.rpm openssl-static-1.0.1e-51.el7_2.5.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.1e-51.el7_2.5.src.rpm x86_64: openssl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.5.i686.rpm openssl-devel-1.0.1e-51.el7_2.5.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.5.i686.rpm openssl-libs-1.0.1e-51.el7_2.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.1e-51.el7_2.5.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.5.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.5.x86_64.rpm openssl-static-1.0.1e-51.el7_2.5.i686.rpm openssl-static-1.0.1e-51.el7_2.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-0799 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2107 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-2842 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXMFlTXlSAg2UNWIIRAhYAAJ0T9Ib2vXUa5te34i6fphHrbe0HlwCfePy5 WjaK8x9OaI0FgbWyfxvwq6o= =jHjh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. ============================================================================ Ubuntu Security Notice USN-2959-1 May 03, 2016 openssl vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in OpenSSL. (CVE-2016-2106) Brian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. (CVE-2016-2109) As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.1 Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.5 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.19 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.36 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03765en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03765en_us Version: 1 HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-07-20 Last Updated: 2017-07-20 Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities in OpenSSL have been addressed in HPE Network Products including Comware v7 that is applicable for ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. References: - CVE-2016-2105 - openssl - CVE-2016-2106 - openssl - CVE-2016-2107 - openssl - CVE-2016-2108 - openssl - CVE-2016-2109 - openssl - CVE-2016-2176 - openssl SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP ConvergedSystem 700 for Virtualization 1.0 - HP ConvergedSystem 700 for Virtualization 1.1 1.1 - HP ConvergedSystem 700 Virtualization 2.0 Foundation Kit 2.0 - HP ConvergedSystem 700 Virtualization 2.0 VMware Kit 2.0 - HP ConvergedSystem 700x 1.0 - HP ConvergedSystem 700x for Microsoft Solution Kit 1.0 - HP ConvergedSystem 700x v1.1 Microsoft Kit 1.1 - HP ConvergedSystem 700x v1.1 VMware Kit 1.1 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-2105 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2106 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CVE-2016-2107 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) CVE-2016-2108 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2016-2109 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) CVE-2016-2176 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE recommends upgrading your network switches to Comware v7 Version R2422P02 which is part of the HPE ConvergedSystem 700 Solution as listed below: * CS700/CS700x 1.0 and 1.1 solution: + HPN 5900 Switch (JG510A/JH038A) (JC772A/JG554A) (JG296A) * CS700 2.0 solution: + HPE FlexFabric 5930 Switch 4slot (JH179A/JH188A) 2slot+2QSFP+ (JH178A/JH187A) * HPE has provided the following Customer Notice that includes links to documentation to assist you in maintaining your HPE ConvergedSystem 700 solution: + <http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-a00006123en_ s> **Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates. HISTORY Version:1 (rev.1) - 21 July 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Description: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. (CVE-2016-2108) * Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3195) * A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2016-2106) * It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-2109) * It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. The References section of this erratum contains a download link (you must log in to download the update). (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842) * This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483) * This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141) * This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185) * This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612) * A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808) * A memory leak flaw was fixed in expat. After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/): JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service 6

Trust: 2.43

sources: NVD: CVE-2016-2105 // JVNDB: JVNDB-2016-002472 // VULHUB: VHN-90924 // PACKETSTORM: 140056 // PACKETSTORM: 136958 // PACKETSTORM: 136937 // PACKETSTORM: 136895 // PACKETSTORM: 143513 // PACKETSTORM: 139167 // PACKETSTORM: 139116 // PACKETSTORM: 140182

AFFECTED PRODUCTS

vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2d	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2c	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2e	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2f	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2a	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2b	Trust: 1.6
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2g	Trust: 1.6
vendor:	opensuse	model:	leap	scope:	eq	version:	42.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.10	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1p	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.10.45	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1f	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.10.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1l	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1d	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1c	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.2	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1g	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	0.12.14	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1s	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1q	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	7.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	5.11.1	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1b	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	5.6.30	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	5.7.12	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.5	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	0.12.0	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	gte	version:	4.2.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1h	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lte	version:	4.1.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1j	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1o	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1e	Trust: 1.0
vendor:	nodejs	model:	node.js	scope:	lt	version:	4.4.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1a	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1i	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1r	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1k	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1n	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1m	Trust: 1.0
vendor:	nec	model:	esmpro/serveragentservice	scope:	eq	version:	all versions (linux)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	foundation v8.2 to v8.5	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer standard	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node eus	scope:	eq	version:	(v. 7.2)	Trust: 0.8
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	of oracle access manager 11.1.1.7	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v3.0	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server smart edition	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v6.2	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer version 5	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	1.x	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v7.1	Trust: 0.8
vendor:	oracle	model:	mysql	scope:	lte	version:	5.7.12 and earlier	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.1t	Trust: 0.8
vendor:	hitachi	model:	cosminexus primary server	scope:	eq	version:	base version 6	Trust: 0.8
vendor:	red hat	model:	enterprise linux server aus	scope:	eq	version:	(v. 7.2)	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	lt	version:	1.0.2	Trust: 0.8
vendor:	opensuse	model:	leap	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	websam	scope:	eq	version:	7.0	Trust: 0.8
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	4.71	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer standard version 6	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer professional version 6	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.53	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional for plug-in	Trust: 0.8
vendor:	hitachi	model:	web server	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	- messaging	Trust: 0.8
vendor:	nec	model:	ip38x/3000	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server version 5	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	ip38x/1200	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	st ard v8.2 to v9.4	Trust: 0.8
vendor:	oracle	model:	mysql	scope:	lte	version:	5.6.30 and earlier	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v3.1	Trust: 0.8
vendor:	nec	model:	websam	scope:	eq	version:	netvisorpro 6.1	Trust: 0.8
vendor:	nec	model:	ip38x/810	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	webotx enterprise service bus	scope:	eq	version:	v8.2 to v9.3	Trust: 0.8
vendor:	nec	model:	ip38x/n500	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer light	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	/sg series sg3600lm/lg/lj v6.1	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer light version 6	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	st ard-r	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	none	Trust: 0.8
vendor:	nec	model:	capssuite	scope:	eq	version:	v3.0 to v4.0	Trust: 0.8
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.2	Trust: 0.8
vendor:	nec	model:	univerge	scope:	eq	version:	business connect v7.1.1	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v4.0	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 and later	Trust: 0.8
vendor:	red hat	model:	enterprise linux server eus	scope:	eq	version:	(v. 7.2)	Trust: 0.8
vendor:	nec	model:	ip38x/sr100	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server enterprise	scope:	eq	version:	version 6	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0.2h	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	eq	version:	(v. 6)	Trust: 0.8
vendor:	hitachi	model:	cosminexus primary server	scope:	eq	version:	version 6	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v8.0	Trust: 0.8
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.55	Trust: 0.8
vendor:	nec	model:	websam	scope:	eq	version:	6.2	Trust: 0.8
vendor:	nec	model:	enterprisedirectoryserver	scope:	eq	version:	ver6.1 to v8.0	Trust: 0.8
vendor:	nec	model:	secureware/pki application development kit	scope:	eq	version:	ver3.2	Trust: 0.8
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.54	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v7.0	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	/sg series intersecvm/sg v1.2	Trust: 0.8
vendor:	nec	model:	ip38x/1210	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus primary server	scope:	eq	version:	base	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	express v8.2 to v9.4	Trust: 0.8
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	2.x	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service architect	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux hpc node	scope:	eq	version:	(v. 7)	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server standard	scope:	eq	version:	version 6	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	express	Trust: 0.8
vendor:	nec	model:	webotx application server	scope:	eq	version:	enterprise v8.2 to v9.4	Trust: 0.8
vendor:	hitachi	model:	web server	scope:	eq	version:	- security enhancement	Trust: 0.8
vendor:	nec	model:	ip38x/3500	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	ip38x/fw120	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	01	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	lt	version:	1.0.1	Trust: 0.8
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	4.63	Trust: 0.8
vendor:	opensuse	model:	opensuse	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	ip38x/5000	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server standard	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	v8.2	Trust: 0.8
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	of oracle access manager 10.1.4.x	Trust: 0.8
vendor:	nec	model:	express5800	scope:	eq	version:	/sg series univerge sg3000lg/lj	Trust: 0.8

sources: CNNVD: CNNVD-201605-081 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2105
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-2105
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201605-081
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90924
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-2105
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90924
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2105
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2016-2105
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-90924 // CNNVD: CNNVD-201605-081 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	CWE-189	Trust: 0.9

sources: VULHUB: VHN-90924 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 136895 // CNNVD: CNNVD-201605-081

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201605-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002472

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90924

PATCH

title:	APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004	url:	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/en-us/HT206903	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/ja-jp/HT206903	Trust: 0.8
title:	HPSBMU03691	url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Trust: 0.8
title:	SB10160	url:	https://kc.mcafee.com/corporate/index?page=content&id=SB10160	Trust: 0.8
title:	NV16-015	url:	http://jpn.nec.com/security-info/secinfo/nv16-015.html	Trust: 0.8
title:	Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [3 May 2016]	url:	https://www.openssl.org/news/openssl-1.0.1-notes.html	Trust: 0.8
title:	Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]	url:	https://www.openssl.org/news/openssl-1.0.2-notes.html	Trust: 0.8
title:	Avoid overflow in EVP_EncodeUpdate	url:	https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a	Trust: 0.8
title:	EVP_EncodeUpdate overflow (CVE-2016-2105)	url:	https://www.openssl.org/news/secadv/20160503.txt	Trust: 0.8
title:	openSUSE-SU-2016:1566	url:	https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html	Trust: 0.8
title:	Oracle Linux Bulletin - July 2016	url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Trust: 0.8
title:	Oracle Solaris Third Party Bulletin - April 2016	url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 0.8
title:	Oracle VM Server for x86 Bulletin - July 2016	url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 0.8
title:	Oracle Linux Bulletin - April 2016	url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Trust: 0.8
title:	RHSA-2016:0722	url:	http://rhn.redhat.com/errata/RHSA-2016-0722.html	Trust: 0.8
title:	RHSA-2016:0996	url:	http://rhn.redhat.com/errata/RHSA-2016-0996.html	Trust: 0.8
title:	SA40202	url:	https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202	Trust: 0.8
title:	July 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/july_2016_critical_patch_update	Trust: 0.8
title:	JSA10759	url:	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759	Trust: 0.8
title:	TLSA-2016-14	url:	http://www.turbolinux.co.jp/security/2016/TLSA-2016-14j.html	Trust: 0.8
title:	HS16-023	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-023/index.html	Trust: 0.8
title:	OpenSSL Fixes for integer overflow vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=61406	Trust: 0.6

sources: CNNVD: CNNVD-201605-081 // JVNDB: JVNDB-2016-002472

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2105	Trust: 3.3
db:	BID	id:	91787	Trust: 1.7
db:	BID	id:	89757	Trust: 1.7
db:	SECTRACK	id:	1035721	Trust: 1.7
db:	MCAFEE	id:	SB10160	Trust: 1.7
db:	PACKETSTORM	id:	136912	Trust: 1.7
db:	TENABLE	id:	TNS-2016-18	Trust: 1.7
db:	SIEMENS	id:	SSA-412672	Trust: 1.7
db:	JUNIPER	id:	JSA10759	Trust: 1.7
db:	JVN	id:	JVNVU93163809	Trust: 0.8
db:	JVN	id:	JVNVU94844193	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002472	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-081	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.0696	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2148	Trust: 0.6
db:	PACKETSTORM	id:	143513	Trust: 0.2
db:	PACKETSTORM	id:	136895	Trust: 0.2
db:	PACKETSTORM	id:	140056	Trust: 0.2
db:	PACKETSTORM	id:	138471	Trust: 0.1
db:	PACKETSTORM	id:	142803	Trust: 0.1
db:	PACKETSTORM	id:	138472	Trust: 0.1
db:	PACKETSTORM	id:	136893	Trust: 0.1
db:	PACKETSTORM	id:	136919	Trust: 0.1
db:	PACKETSTORM	id:	139379	Trust: 0.1
db:	VULHUB	id:	VHN-90924	Trust: 0.1
db:	PACKETSTORM	id:	136958	Trust: 0.1
db:	PACKETSTORM	id:	136937	Trust: 0.1
db:	PACKETSTORM	id:	139167	Trust: 0.1
db:	PACKETSTORM	id:	139116	Trust: 0.1
db:	PACKETSTORM	id:	140182	Trust: 0.1

sources: VULHUB: VHN-90924 // PACKETSTORM: 140056 // PACKETSTORM: 136958 // PACKETSTORM: 136937 // PACKETSTORM: 136895 // PACKETSTORM: 143513 // PACKETSTORM: 139167 // PACKETSTORM: 139116 // PACKETSTORM: 140182 // CNNVD: CNNVD-201605-081 // JVNDB: JVNDB-2016-002472 // NVD: CVE-2016-2105

REFERENCES

url:	http://www.securityfocus.com/bid/89757	Trust: 2.3
url:	http://www.securityfocus.com/bid/91787	Trust: 2.3
url:	http://www.debian.org/security/2016/dsa-3566	Trust: 2.3
url:	http://packetstormsecurity.com/files/136912/slackware-security-advisory-openssl-updates.html	Trust: 2.3
url:	https://security.gentoo.org/glsa/201612-16	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-0722.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-0996.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-2056.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-2073.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-2957.html	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2959-1	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160504-openssl	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 1.7
url:	https://bto.bluecoat.com/security-advisory/sa123	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20160504-0001/	Trust: 1.7
url:	https://source.android.com/security/bulletin/pixel/2017-11-01	Trust: 1.7
url:	https://support.apple.com/ht206903	Trust: 1.7
url:	https://www.openssl.org/news/secadv/20160503.txt	Trust: 1.7
url:	https://www.tenable.com/security/tns-2016-18	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183457.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/183607.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-may/184605.html	Trust: 1.7
url:	https://www.freebsd.org/security/advisories/freebsd-sa-16:17.openssl.asc	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-1648.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-1649.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-1650.html	Trust: 1.7
url:	http://www.securitytracker.com/id/1035721	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html	Trust: 1.7
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03756en_us	Trust: 1.6
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03765en_us	Trust: 1.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10160	Trust: 1.6
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	Trust: 1.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 1.6
url:	https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2109	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2106	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2108	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2105	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2105	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93163809/	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94844193/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2105	Trust: 0.8
url:	http://www.aratana.jp/security/detail.php?id=16	Trust: 0.8
url:	https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2107	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2022.0696	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10887855	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2148/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2016-2109	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-2106	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-2105	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-2108	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2016-2107	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0799	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-2842	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2016-0799	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2842	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2176	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3195	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-4459	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2015-3195	Trust: 0.2
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10759	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03756en_us	Trust: 0.1
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03765en_us	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10160	Trust: 0.1
url:	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2180	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2105	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2178	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2183	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2107	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2178	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2176	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2177	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7052	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6304	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6305	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2106	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2108	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7052	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6306	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2109	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6304	Trust: 0.1
url:	http://eprint.iacr.org/2016/594.pdf	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6305	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2180	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2177	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2183	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6306	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.5	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.19	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.36	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03765en_us	Trust: 0.1
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.1
url:	https://www.hpe.com/info/report-security-vulnerability	Trust: 0.1
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.1
url:	http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-a00006123en_	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499	Trust: 0.1
url:	https://access.redhat.com/articles/2688611	Trust: 0.1
url:	https://access.redhat.com/solutions/222023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4459	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-4000	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4000	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3183	Trust: 0.1
url:	https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3110	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3183	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-3110	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3196	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4448	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3216	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0702	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0797	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-8176	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-6808	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1835	Trust: 0.1
url:	https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3196	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1839	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3523	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4483	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2014-3523	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8612	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2012-1148	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-0797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3185	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1836	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3185	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3194	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1833	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=distributions&version=2.4.23	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-8176	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1836	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1762	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1835	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4449	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0286	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1762	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5420	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-2178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3194	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0286	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-3627	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2012-1148	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1837	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-1834	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0209	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1837	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1839	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5419	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0209	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0702	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3216	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1838	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1833	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1834	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4447	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-7141	Trust: 0.1

CREDITS

Guido Vranken

Trust: 0.6

sources: CNNVD: CNNVD-201605-081

SOURCES

db:	VULHUB	id:	VHN-90924
db:	PACKETSTORM	id:	140056
db:	PACKETSTORM	id:	136958
db:	PACKETSTORM	id:	136937
db:	PACKETSTORM	id:	136895
db:	PACKETSTORM	id:	143513
db:	PACKETSTORM	id:	139167
db:	PACKETSTORM	id:	139116
db:	PACKETSTORM	id:	140182
db:	CNNVD	id:	CNNVD-201605-081
db:	JVNDB	id:	JVNDB-2016-002472
db:	NVD	id:	CVE-2016-2105

LAST UPDATE DATE

2026-02-26T22:20:40.783000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90924	date:	2022-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201605-081	date:	2022-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-002472	date:	2017-10-03T00:00:00
db:	NVD	id:	CVE-2016-2105	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90924	date:	2016-05-05T00:00:00
db:	PACKETSTORM	id:	140056	date:	2016-12-07T16:37:31
db:	PACKETSTORM	id:	136958	date:	2016-05-10T17:01:56
db:	PACKETSTORM	id:	136937	date:	2016-05-09T14:05:44
db:	PACKETSTORM	id:	136895	date:	2016-05-03T22:56:05
db:	PACKETSTORM	id:	143513	date:	2017-07-26T17:44:00
db:	PACKETSTORM	id:	139167	date:	2016-10-18T13:58:46
db:	PACKETSTORM	id:	139116	date:	2016-10-12T23:44:55
db:	PACKETSTORM	id:	140182	date:	2016-12-16T16:34:49
db:	CNNVD	id:	CNNVD-201605-081	date:	2016-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-002472	date:	2016-05-10T00:00:00
db:	NVD	id:	CVE-2016-2105	date:	2016-05-05T01:59:01.200