Lucene search

K
mageiaGentoo FoundationMGASA-2017-0042
HistoryFeb 05, 2017 - 11:42 p.m.

Updated openssl packages fix security vulnerability

2017-02-0523:42:41
Gentoo Foundation
advisories.mageia.org
46

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.046

Percentile

92.5%

There is a carry propagation bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. mong EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation (CVE-2016-7055). If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. The crash can be triggered when using RC4-MD5, if it has not been disabled (CVE-2017-3731). There is a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker would need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients (CVE-2017-3732).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchopenssl< 1.0.2k-1openssl-1.0.2k-1.mga5

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.046

Percentile

92.5%