Basic search

K
oraclelinuxOracleLinuxELSA-2016-1940
HistorySep 27, 2016 - 12:00 a.m.

openssl security update

2016-09-2700:00:00
linux.oracle.com
31

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.449 Medium

EPSS

Percentile

97.0%

[1.0.1e-48.3]

  • fix CVE-2016-2177 - possible integer overflow
  • fix CVE-2016-2178 - non-constant time DSA operations
  • fix CVE-2016-2179 - further DoS issues in DTLS
  • fix CVE-2016-2180 - OOB read in TS_OBJ_print_bio()
  • fix CVE-2016-2181 - DTLS1 replay protection and unprocessed records issue
  • fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
  • fix CVE-2016-6302 - insufficient TLS session ticket HMAC length check
  • fix CVE-2016-6304 - unbound memory growth with OCSP status request
  • fix CVE-2016-6306 - certificate message OOB reads
  • mitigate CVE-2016-2183 - degrade all 64bit block ciphers and RC4 to
    112 bit effective strength
  • replace expired testing certificates

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.449 Medium

EPSS

Percentile

97.0%

Related for ELSA-2016-1940