CVSS2: AV:N/AC:L/Au:N/C:N/I:N/A:C

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

CVSS3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

AI Score Confidence: Low

EPSS Percentile: 97.8%

Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
extension. A remote attacker could possibly use this issue to cause memory
consumption, resulting in a denial of service. (CVE-2016-6304)

Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue has only been addressed in Ubuntu 16.04 LTS in this update.
(CVE-2016-2177)

César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL
did not properly use constant-time operations when performing DSA signing.
A remote attacker could possibly use this issue to perform a cache-timing
attack and recover private DSA keys. (CVE-2016-2178)

Quan Luo discovered that OpenSSL did not properly restrict the lifetime
of queue entries in the DTLS implementation. A remote attacker could
possibly use this issue to consume memory, resulting in a denial of
service. (CVE-2016-2179)

Shi Lei discovered that OpenSSL incorrectly handled memory in the
TS_OBJ_print_bio() function. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2016-2180)

It was discovered that OpenSSL incorrectly handled the DTLS anti-replay
feature. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2016-2181)

Shi Lei discovered that OpenSSL incorrectly validated division results. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2016-2182)

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES
ciphers were vulnerable to birthday attacks. A remote attacker could
possibly use this flaw to obtain clear text data from long encrypted
sessions. This update moves DES from the HIGH cipher list to MEDIUM.
(CVE-2016-2183)

Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths.
A remote attacker could use this issue to cause a denial of service.
(CVE-2016-6302)

Shi Lei discovered that OpenSSL incorrectly handled memory in the
MDC2_Update() function. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-6303)

Shi Lei discovered that OpenSSL incorrectly performed certain message
length checks. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2016-6306)

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Ubuntu | 16.04 | noarch | libssl1.0.0 | < 1.0.2g-1ubuntu4.4 | UNKNOWN |
Ubuntu | 16.04 | noarch | libcrypto1.0.0-udeb | < 1.0.2g-1ubuntu4.4 | UNKNOWN |
Ubuntu | 16.04 | noarch | libcrypto1.0.0-udeb-dbgsym | < 1.0.2g-1ubuntu4.4 | UNKNOWN |
Ubuntu | 16.04 | noarch | libssl-dev | < 1.0.2g-1ubuntu4.4 | UNKNOWN |
Ubuntu | 16.04 | noarch | libssl-dev-dbgsym | < 1.0.2g-1ubuntu4.4 | UNKNOWN |
Ubuntu | 16.04 | noarch | libssl-doc | < 1.0.2g-1ubuntu4.4 | UNKNOWN |
Ubuntu | 16.04 | noarch | libssl1.0.0-dbg | < 1.0.2g-1ubuntu4.4 | UNKNOWN |
Ubuntu | 16.04 | noarch | libssl1.0.0-dbgsym | < 1.0.2g-1ubuntu4.4 | UNKNOWN |
Ubuntu | 16.04 | noarch | libssl1.0.0-udeb | < 1.0.2g-1ubuntu4.4 | UNKNOWN |
Ubuntu | 16.04 | noarch | libssl1.0.0-udeb-dbgsym | < 1.0.2g-1ubuntu4.4 | UNKNOWN |
ubuntu.com/security/CVE-2016-2177
ubuntu.com/security/CVE-2016-2178
ubuntu.com/security/CVE-2016-2179
ubuntu.com/security/CVE-2016-2180
ubuntu.com/security/CVE-2016-2181
ubuntu.com/security/CVE-2016-2182
ubuntu.com/security/CVE-2016-2183
ubuntu.com/security/CVE-2016-6302
ubuntu.com/security/CVE-2016-6303
ubuntu.com/security/CVE-2016-6304
ubuntu.com/security/CVE-2016-6306