ID

VAR-201609-0597

CVE

CVE-2016-2183

TITLE

SSL/TLS Protocol CVE-2016-2183 Information Disclosure Vulnerability

DESCRIPTION

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. SSL/TLS Protocol is prone to an information-disclosure vulnerability Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. IPSec (full name Internet Protocol Security) is a set of IP security protocols established by the IPSec group of the Internet Engineering Task Force (IETF). Both DES and Triple DES are encryption algorithms. There are information leakage vulnerabilities in the DES and Triple DES encryption algorithms used in the TLS, SSH, and IPSec protocols and other protocols and products. This vulnerability stems from configuration errors in network systems or products during operation. 6) - i386, x86_64 3. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272) 4. Bugs fixed (https://bugzilla.redhat.com/): 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344) 1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988) 1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147) 1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934) 1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223) 1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743) 1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714) 1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728) 1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724) 1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802) 1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment) 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369415 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05369415 Version: 1 HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-01-18 Last Updated: 2017-01-18 Potential Security Impact: Remote: Disclosure of Information Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A security vulnerability in DES/3DES block ciphers used in the TLS protocol, could potentially impact HPE Real User Monitor (RUM) resulting in remote disclosure of information also known as the SWEET32 attack. References: - CVE-2016-2183 - SWEET32 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Real User Monitor Software Series v9.2x, v9.30 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-2183 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has provided the following mitigation information to resolve the vulnerability for impacted versions of HPE Real User Monitor (RUM): * <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/KM02683527> HISTORY Version:1 (rev.1) - 18 January 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. This release provides an update to httpd, OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References. This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615) * A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617) * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno BAPck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183. Bug Fix(es): * Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640) * mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709) * CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075) 4. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) 1493075 - Unable to load large CRL openssl problem 1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload 1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615 6. (BZ#1508885) 3. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201707-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: IcedTea: Multiple vulnerabilities Date: July 05, 2017 Bugs: #607676, #609562, #618874, #619458 ID: 201707-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in IcedTea, the worst of which may allow execution of arbitrary code. Background ========== IcedTea's aim is to provide OpenJDK in a form suitable for easy configuration, compilation and distribution with the primary goal of allowing inclusion in GNU/Linux distributions. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/icedtea-bin < 3.4.0 >= 3.4.0 < 7.2.6.10 >= 7.2.6.10 Description =========== Multiple vulnerabilities have been discovered in IcedTea. Please review the CVE identifiers referenced below for details. Note: If the web browser plug-in provided by the dev-java/icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. Workaround ========== There is no known workaround at this time. Resolution ========== All IcedTea binary 7.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/icedtea-bin-7.2.6.10:7" All IcedTea binary 3.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-3.4.0:8" References ========== [ 1 ] CVE-2016-2183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2183 [ 2 ] CVE-2016-5546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5546 [ 3 ] CVE-2016-5547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5547 [ 4 ] CVE-2016-5548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5548 [ 5 ] CVE-2016-5549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5549 [ 6 ] CVE-2016-5552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5552 [ 7 ] CVE-2017-3231 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3231 [ 8 ] CVE-2017-3241 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3241 [ 9 ] CVE-2017-3252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3252 [ 10 ] CVE-2017-3253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3253 [ 11 ] CVE-2017-3260 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3260 [ 12 ] CVE-2017-3261 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3261 [ 13 ] CVE-2017-3272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3272 [ 14 ] CVE-2017-3289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3289 [ 15 ] CVE-2017-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3509 [ 16 ] CVE-2017-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3511 [ 17 ] CVE-2017-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3512 [ 18 ] CVE-2017-3514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3514 [ 19 ] CVE-2017-3526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3526 [ 20 ] CVE-2017-3533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3533 [ 21 ] CVE-2017-3539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3539 [ 22 ] CVE-2017-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3544 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201707-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --eW2Ih3ajF3BNoJIAD1VrIt2me1kNx637S-- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.8.0-ibm security update Advisory ID: RHSA-2017:0462-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0462.html Issue date: 2017-03-08 CVE Names: CVE-2016-2183 ===================================================================== 1. Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP1. Security Fix(es): * This update fixes a vulnerability in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about this flaw can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-2183) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.8.0-ibm-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-plugin-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.1.el6_8.i686.rpm x86_64: java-1.8.0-ibm-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.8.0-ibm-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.8.0-ibm-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-plugin-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.1.el6_8.i686.rpm ppc64: java-1.8.0-ibm-1.8.0.4.1-1jpp.1.el6_8.ppc64.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.1.el6_8.ppc64.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.1.el6_8.ppc64.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.1.el6_8.ppc64.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.1.el6_8.ppc64.rpm s390x: java-1.8.0-ibm-1.8.0.4.1-1jpp.1.el6_8.s390x.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.1.el6_8.s390x.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.1.el6_8.s390x.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.1.el6_8.s390x.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.1.el6_8.s390x.rpm x86_64: java-1.8.0-ibm-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.8.0-ibm-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-plugin-1.8.0.4.1-1jpp.1.el6_8.i686.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.1.el6_8.i686.rpm x86_64: java-1.8.0-ibm-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.1.el6_8.x86_64.rpm Red Hat Enterprise Linux Client Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.i686.rpm java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.i686.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.2.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.i686.rpm java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.i686.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.2.el7.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.ppc.rpm java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.ppc64.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.2.el7.ppc64.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.ppc.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.ppc64.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.2.el7.ppc64.rpm java-1.8.0-ibm-plugin-1.8.0.4.1-1jpp.2.el7.ppc64.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.2.el7.ppc64.rpm ppc64le: java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.ppc64le.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.2.el7.ppc64le.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.ppc64le.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.2.el7.ppc64le.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.2.el7.ppc64le.rpm s390x: java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.s390.rpm java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.s390x.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.2.el7.s390x.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.s390.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.s390x.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.2.el7.s390x.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.2.el7.s390x.rpm x86_64: java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.i686.rpm java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.i686.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.2.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.i686.rpm java-1.8.0-ibm-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.i686.rpm java-1.8.0-ibm-devel-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.4.1-1jpp.2.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.4.1-1jpp.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/updates/classification/#moderate https://developer.ibm.com/javasdk/support/security-vulnerabilities/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYwAfWXlSAg2UNWIIRApdJAJ9aWdfCBOWjqVaBLGFXAtS6LJvZXACgkneE 4LO+U1cfPB3cdxvKJ71gfCg= =89qB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. (CVE-2017-9788) * It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. OpenSSL Security Advisory [22 Sep 2016] ======================================== OCSP Status Request extension unbounded memory growth (CVE-2016-6304) ===================================================================== Severity: High A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected. Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in a default configuration, instead only if an application explicitly enables OCSP stapling support. OpenSSL 1.1.0 users should upgrade to 1.1.0a OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 29th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team. SSL_peek() hang on empty record (CVE-2016-6305) =============================================== Severity: Moderate OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer sends an empty record. This could be exploited by a malicious peer in a Denial Of Service attack. OpenSSL 1.1.0 users should upgrade to 1.1.0a This issue was reported to OpenSSL on 10th September 2016 by Alex Gaynor. The fix was developed by Matt Caswell of the OpenSSL development team. SWEET32 Mitigation (CVE-2016-2183) ================================== Severity: Low SWEET32 (https://sweet32.info) is an attack on older block cipher algorithms that use a block size of 64 bits. In mitigation for the SWEET32 attack DES based ciphersuites have been moved from the HIGH cipherstring group to MEDIUM in OpenSSL 1.0.1 and OpenSSL 1.0.2. OpenSSL 1.1.0 since release has had these ciphersuites disabled by default. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 16th August 2016 by Karthikeyan Bhargavan and Gaetan Leurent (INRIA). The fix was developed by Rich Salz of the OpenSSL development team. OOB write in MDC2_Update() (CVE-2016-6303) ========================================== Severity: Low An overflow can occur in MDC2_Update() either if called directly or through the EVP_DigestUpdate() function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVP_EncryptUpdate() with a partial block then a length check can overflow resulting in a heap corruption. The amount of data needed is comparable to SIZE_MAX which is impractical on most platforms. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 11th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. Malformed SHA512 ticket DoS (CVE-2016-6302) =========================================== Severity: Low If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash. The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 19th August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. OOB write in BN_bn2dec() (CVE-2016-2182) ======================================== Severity: Low The function BN_bn2dec() does not check the return value of BN_div_word(). This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because record limits will reject an oversized certificate before it is parsed. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 2nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. OOB read in TS_OBJ_print_bio() (CVE-2016-2180) ============================================== Severity: Low The function TS_OBJ_print_bio() misuses OBJ_obj2txt(): the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 21st July 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. Pointer arithmetic undefined behaviour (CVE-2016-2177) ====================================================== Severity: Low Avoid some undefined pointer arithmetic A common idiom in the codebase is to check limits in the following manner: "p + len > limit" Where "p" points to some malloc'd data of SIZE bytes and limit == p + SIZE "len" here could be from some externally supplied data (e.g. from a TLS message). The rules of C pointer arithmetic are such that "p + len" is only well defined where len <= SIZE. Therefore the above idiom is actually undefined behaviour. For example this could cause problems if some malloc implementation provides an address for "p" such that "p + len" actually overflows for values of len that are too big and therefore p + len < limit. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 4th May 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team. Constant time flag not preserved in DSA signing (CVE-2016-2178) =============================================================== Severity: Low Operations in the DSA signing algorithm should run in constant time in order to avoid side channel attacks. A flaw in the OpenSSL DSA implementation means that a non-constant time codepath is followed for certain operations. This has been demonstrated through a cache-timing attack to be sufficient for an attacker to recover the private DSA key. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 23rd May 2016 by César Pereida (Aalto University), Billy Brumley (Tampere University of Technology), and Yuval Yarom (The University of Adelaide and NICTA). The fix was developed by César Pereida. DTLS buffered message DoS (CVE-2016-2179) ========================================= Severity: Low In a DTLS connection where handshake messages are delivered out-of-order those messages that OpenSSL is not yet ready to process will be buffered for later use. Under certain circumstances, a flaw in the logic means that those messages do not get removed from the buffer even though the handshake has been completed. An attacker could force up to approx. 15 messages to remain in the buffer when they are no longer required. These messages will be cleared when the DTLS connection is closed. The default maximum size for a message is 100k. Therefore the attacker could force an additional 1500k to be consumed per connection. By opening many simulataneous connections an attacker could cause a DoS attack through memory exhaustion. OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u This issue was reported to OpenSSL on 22nd June 2016 by Quan Luo. The fix was developed by Matt Caswell of the OpenSSL development team. DTLS replay protection DoS (CVE-2016-2181) ========================================== Severity: Low A flaw in the DTLS replay attack protection mechanism means that records that arrive for future epochs update the replay protection "window" before the MAC for the record has been validated. This could be exploited by an attacker by sending a record for the next epoch (which does not have to decrypt or have a valid MAC), with a very large sequence number. This means that all subsequent legitimate packets are dropped causing a denial of service for a specific DTLS connection. OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2i OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1u This issue was reported to OpenSSL on 21st November 2015 by the OCAP audit team. The fix was developed by Matt Caswell of the OpenSSL development team. Certificate message OOB reads (CVE-2016-6306) ============================================= Severity: Low In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms. The messages affected are client certificate, client certificate request and server certificate. As a result the attack can only be performed against a client or a server which enables client authentication. OpenSSL 1.1.0 is not affected. OpenSSL 1.0.2 users should upgrade to 1.0.2i OpenSSL 1.0.1 users should upgrade to 1.0.1u This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL development team. Excessive allocation of memory in tls_get_message_header() (CVE-2016-6307) ========================================================================== Severity: Low A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if: 1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests. Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service. This issue does not affect DTLS users. OpenSSL 1.1.0 TLS users should upgrade to 1.1.0a This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team. Excessive allocation of memory in dtls1_preprocess_fragment() (CVE-2016-6308) ============================================================================= Severity: Low This issue is very similar to CVE-2016-6307. The underlying defect is different but the security analysis and impacts are the same except that it impacts DTLS. A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being consumed to service a connection. A flaw in the logic of version 1.1.0 means that memory for the message is allocated too early, prior to the excessive message length check. Due to way memory is allocated in OpenSSL this could mean an attacker could force up to 21Mb to be allocated to service a connection. This could lead to a Denial of Service through memory exhaustion. However, the excessive message length check still takes place, and this would cause the connection to immediately fail. Assuming that the application calls SSL_free() on the failed conneciton in a timely manner then the 21Mb of allocated memory will then be immediately freed again. Therefore the excessive memory allocation will be transitory in nature. This then means that there is only a security impact if: 1) The application does not call SSL_free() in a timely manner in the event that the connection fails or 2) The application is working in a constrained environment where there is very little free memory or 3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection; SSL_free() has not yet been called; and there is insufficient memory to service the multiple requests. Except in the instance of (1) above any Denial Of Service is likely to be transitory because as soon as the connection fails the memory is subsequently freed again in the SSL_free() call. However there is an increased risk during this period of application crashes due to the lack of memory - which would then mean a more serious Denial of Service. This issue does not affect TLS users. OpenSSL 1.1.0 DTLS users should upgrade to 1.1.0a This issue was reported to OpenSSL on 18th September 2016 by Shi Lei (Gear Team, Qihoo 360 Inc.). The fix was developed by Matt Caswell of the OpenSSL development team. Note ==== As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that version will be provided after that date. Users of 1.0.1 are advised to upgrade. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20160922.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

AFFECTED PRODUCTS