2926 matches found
MGASA-2016-0169 Updated openssl packages fix security vulnerability
An overflow can occur in the EVPEncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption CVE-2016-2105. An overflow can occur in the EVPEncryptUpdate...
Updated openssl packages fix security vulnerability
An overflow can occur in the EVPEncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption CVE-2016-2105. An overflow can occur in the EVPEncryptUpdate...
Internet Bug Bounty: Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
Advisory: https://www.openssl.org/news/secadv/20160503.txt Writeup Referencing a proof of concept: http://web-in-security.blogspot.de/2016/05/curious-padding-oracle-in-openssl-cve.html...
Linux kernel rtnetlink information disclosure vulnerability
Linux kernel is an open source operating system. Linux kernel's rtnetlink fails to initialize padding bytes in the 'map' stack object, allowing a local attacker to exploit the vulnerability to obtain kernel information...
openSUSE: Security Advisory for openssl (openSUSE-SU-2016:1238-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux kernel information disclosure vulnerability (CNVD-2016-02915)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the llc module of the Linux kernel, which stems from a program's failure to initialize the padding bytes in the 'info' stack...
Linux kernel devio information disclosure vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the Linux kernel's devio, which stems from a program's failure to initialize the padding bytes in the 'map' stack object. An...
Security update for openssl (important)
This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder bsc977617 - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check bsc977616 - CVE-2016-2105: EVPEncodeUpdate overflow bsc977614 - CVE-2016-2106: EVPEncryptUpdate overflow bsc977615 -...
Security update for openssl (important)
This update for openssl fixes the following issues: - CVE-2016-2105: EVPEncodeUpdate overflow bsc977614 - CVE-2016-2106: EVPEncryptUpdate overflow bsc977615 - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check bsc977616 - CVE-2016-2108: Memory corruption in the ASN.1 encoder bsc977617 -...
Security update for openssl (important)
This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder boo977617 - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check boo977616 - CVE-2016-2105: EVPEncodeUpdate overflow boo977614 - CVE-2016-2106: EVPEncryptUpdate overflow boo977615 -...
Security update for openssl (important)
This update for openssl fixes the following issues: - CVE-2016-2105: EVPEncodeUpdate overflow bsc977614 - CVE-2016-2106: EVPEncryptUpdate overflow bsc977615 - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check bsc977616 - CVE-2016-2108: Memory corruption in the ASN.1 encoder bsc977617 -...
CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...
DEBIAN-CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...
ALPINE-CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...
Design/Logic Flaw
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...
CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...
CVE-2016-2107
CVE-2016-2107 (OpenSSL) is a padding-oracle vulnerability in the AES-NI CBC MAC check. The issue arises in the AES-CBC padding validation where memory allocation during the padding check is mishandled, enabling potential leakage of plaintext under certain conditions. Affected OpenSSL versions inc...
Debian DSA-3566-1 : openssl - security update
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. - CVE-2016-2105 Guido Vranken discovered that an overflow can occur in the function EVPEncodeUpdate, used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption....
SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2016:1228-1)
This update for openssl fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder bsc977617 - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check bsc977616 - CVE-2016-2105: EVPEncodeUpdate overflow bsc977614 - CVE-2016-2106: EVPEncryptUpdate overflow bsc977615 -...
CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability...