1038 matches found

OpenVAS
added 2016/05/09 12:0 a.m. | 266 views

Mageia: Security Advisory (MGASA-2016-0169)

The remote host is missing an update for the...

7.8 CVSS | 8.6 AI score | 0.79963 EPSS
Exploits: 6 | References: 4
Mageia
added 2016/05/07 9:22 p.m. | 78 views

Updated openssl packages fix security vulnerability

An overflow can occur in the EVP_EncodeUpdate function, which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow, resulting in a heap corruption (CVE-2016-2105). An overflow can occur in the EVP_EncryptUpdate...

7.8 CVSS | 2.2 AI score | 0.79963 EPSS
Exploits: 6 | References: 2
OSV
added 2016/05/07 9:22 p.m. | 11 views

MGASA-2016-0169 Updated openssl packages fix security vulnerability

An overflow can occur in the EVP_EncodeUpdate function, which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow, resulting in a heap corruption (CVE-2016-2105). An overflow can occur in the EVP_EncryptUpdate...

7.8 CVSS | 6.9 AI score | 0.79963 EPSS
Exploits: 6 | References: 3
Hacker One
added 2016/05/07 4:35 p.m. | 67 views

Internet Bug Bounty: Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

Advisory: https://www.openssl.org/news/secadv/20160503.txt Writeup Referencing a proof of concept: http://web-in-security.blogspot.de/2016/05/curious-padding-oracle-in-openssl-cve.html...

2.6 CVSS | 8 AI score | 0.79963 EPSS
Exploits: 6
OpenVAS
added 2016/05/06 12:0 a.m. | 45 views

openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1238-1)

The remote host is missing an update for the...

10 CVSS | 7.5 AI score | 0.79963 EPSS
Exploits: 7 | References: 1
OPENSUSE Linux
added 2016/05/05 6:8 p.m. | 48 views

Security update for openssl (important)

This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) -...

10 CVSS | 2.5 AI score | 0.79963 EPSS
Exploits: 7 | References: 8
OPENSUSE Linux
added 2016/05/05 1:11 p.m. | 51 views

Security update for openssl (important)

This update for openssl fixes the following issues: - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) -...

10 CVSS | 3.1 AI score | 0.79963 EPSS
Exploits: 7 | References: 6
OPENSUSE Linux
added 2016/05/05 1:8 p.m. | 48 views

Security update for openssl (important)

This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (boo#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (boo#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (boo#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (boo#977615) -...

10 CVSS | 3.3 AI score | 0.79963 EPSS
Exploits: 7 | References: 8
OPENSUSE Linux
added 2016/05/05 1:7 p.m. | 61 views

Security update for openssl (important)

This update for openssl fixes the following issues: - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) -...

10 CVSS | 3.1 AI score | 0.79963 EPSS
Exploits: 7 | References: 6
OSV
added 2016/05/05 1:59 a.m. | 1 views

ALPINE-CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

5.9 CVSS | 8.7 AI score | 0.79963 EPSS
Exploits: 6 | References: 1
OSV
added 2016/05/05 1:59 a.m. | 1 views

DEBIAN-CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

5.9 CVSS | 9 AI score | 0.79963 EPSS
Exploits: 6 | References: 1
NVD
added 2016/05/05 1:59 a.m. | 25 views

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

5.9 CVSS | 6.5 AI score | 0.79963 EPSS
Exploits: 6 | References: 58
Prion
added 2016/05/05 1:59 a.m. | 34 views

Design/Logic Flaw

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

2.6 CVSS | 7.8 AI score | 0.79963 EPSS
Exploits: 6 | References: 58 | Affected Software: 15
Cvelist
added 2016/05/05 12:0 a.m. | 30 views

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

6.7 AI score | 0.79963 EPSS
Exploits: 6 | References: 58
Tenable Nessus
added 2016/05/05 12:0 a.m. | 59 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1228-1)

This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617) - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check (bsc#977616) - CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614) - CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615) -...

10 CVSS | 7.7 AI score | 0.79963 EPSS
Exploits: 7 | References: 19
AlpineLinux
added 2016/05/05 12:0 a.m. | 42 views

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...

5.9 CVSS | 7.1 AI score | 0.79963 EPSS
Exploits: 6
CVE
added 2016/05/05 12:0 a.m. | 734 views

CVE-2016-2107

CVE-2016-2107 (OpenSSL) is a padding-oracle vulnerability in the AES-NI CBC MAC check. The issue arises in the AES-CBC padding validation where memory allocation during the padding check is mishandled, enabling potential leakage of plaintext under certain conditions. Affected OpenSSL versions inc...

5.9 CVSS | 6.9 AI score | 0.79963 EPSS
Exploits: 6 | References: 58 | Affected Software: 7
Tenable Nessus
added 2016/05/05 12:0 a.m. | 57 views

Debian DSA-3566-1 : openssl - security update

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. - CVE-2016-2105: Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate, used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption....

10 CVSS | 7.7 AI score | 0.79963 EPSS
Exploits: 7 | References: 13
The Hacker News
added 2016/05/04 11:31 p.m. | 121 views

High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic

OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic. OpenSSL is an open-source cryptographic library that is the most widely being used b...

10 CVSS | 9.2 AI score | 0.79963 EPSS
Exploits: 7
Cisco
added 2016/05/04 7:30 p.m. | 77 views

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016

On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection...

7.8 AI score
Exploits: 0 | References: 1