Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2016-270-01
HistorySep 26, 2016 - 6:59 p.m.

[slackware-security] openssl

2016-09-2618:59:48
Slackware Linux Project
www.slackware.com
24

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.427 Medium

EPSS

Percentile

97.4%

JSON

New openssl packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
Missing CRL sanity check (CVE-2016-7052)
For more information, see:
https://www.openssl.org/news/secadv/20160926.txt
https://vulners.com/cve/CVE-2016-7052
(* Security fix *)
patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz: Upgraded.

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2j-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2j-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2j-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2j-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2j-x86_64-1.txz

MD5 signatures:

Slackware 14.2 packages:
cf3e90f91b35ee96f5a900e5f2ec8fd5 openssl-1.0.2j-i586-1_slack14.2.txz
31cc46351fdd4c487f75abdbfcd696e7 openssl-solibs-1.0.2j-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages:
333fd278752b5f04a805aeabd77f28c4 openssl-1.0.2j-x86_64-1_slack14.2.txz
6b25daf23b1cfc59351308b9c11e830a openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz

Slackware -current packages:
98337bdfe00f04be784953fee5c023ca a/openssl-solibs-1.0.2j-i586-1.txz
3cd05a7ed655e7f51f652a31b9b908e7 n/openssl-1.0.2j-i586-1.txz

Slackware x86_64 -current packages:
6907d9a091ace959d8f04aa92cd7e5f6 a/openssl-solibs-1.0.2j-x86_64-1.txz
4017d82d5c4c370ab6850a5d623d321a n/openssl-1.0.2j-x86_64-1.txz

Installation instructions:

Upgrade the packages as root:
> upgradepkg openssl-1.0.2j-i586-1_slack14.2.txz openssl-solibs-1.0.2j-i586-1_slack14.2.txz

Related

cve 1
archlinux 2
f5 2
openssl 1
prion 1
openvas 14
nvd 1
redhatcve 1
alpinelinux 1
nessus 19
debiancve 1
freebsd_advisory 1
cvelist 1
ubuntucve 1
freebsd 1
threatpost 1
ibm 25
suse 4
fedora 3
aix 1
symantec 1
gentoo 1
cisco 1
nodejsblog 1
huawei 1
mageia 1
packetstorm 1
oracle 7
cve
cve
CVE-2016-7052
2016-09-26 19:59:07
archlinux
archlinux
[ASA-201609-28] lib32-openssl: denial of service
2016-09-27 00:00:00
[ASA-201609-30] openssl: denial of service
2016-09-28 00:00:00
f5
f5
SOL39272405 - OpenSSL vulnerability CVE-2016-7052
2016-10-10 00:00:00
K39272405 : OpenSSL vulnerability CVE-2016-7052
2016-10-10 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2016-7052
2016-09-26 00:00:00
prion
prion
Null pointer dereference
2016-09-26 19:59:00
openvas
openvas
Slackware: Security Advisory (SSA:2016-270-01)
2022-04-21 00:00:00
OpenSSL Missing CRL sanity check Vulnerability - Windows
2016-09-26 00:00:00
OpenSSL Missing CRL sanity check Vulnerability - Linux
2016-09-26 00:00:00
nvd
nvd
CVE-2016-7052
2016-09-26 19:59:07
redhatcve
redhatcve
CVE-2016-7052
2016-09-26 11:17:23
alpinelinux
alpinelinux
CVE-2016-7052
2016-09-26 19:59:07
nessus
nessus
Slackware 14.2 / current : openssl (SSA:2016-270-01)
2016-09-27 00:00:00
OpenSSL 1.0.2i < 1.0.2j Vulnerability
2016-09-28 00:00:00
FreeBSD : OpenSSL -- multiple vulnerabilities (91a337d8-83ed-11e6-bf52-b499baebfeaf)
2016-09-27 00:00:00
debiancve
debiancve
CVE-2016-7052
2016-09-26 19:59:07
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:27.openssl
2016-10-10 00:00:00
cvelist
cvelist
CVE-2016-7052
2016-09-26 19:00:00
ubuntucve
ubuntucve
CVE-2016-7052
2016-09-26 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2016-09-26 00:00:00
threatpost
threatpost
OpenSSL Fixes Critical Bug Introduced by Latest Update
2016-09-26 10:45:04
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Active Bypass (CVE-2016-6304, CVE-2016-6303, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052 )
2018-06-16 21:49:05
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Controller (CVE-2016-6304, CVE-2016-6303, CVE-2016-6308, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052 )
2018-06-16 21:49:05
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM MessageSight (CVE-2016-6303, CVE-2016-2182, CVE-2016-2178, CVE-2016-6306, CVE-2016-2183, CVE-2016-2177, CVE-2016-7052)
2018-06-17 15:36:58
suse
suse
Security update for nodejs4 (important)
2016-10-06 20:14:21
Security update for nodejs4 (important)
2016-11-01 16:19:35
Security update for nodejs (important)
2016-10-11 19:20:03
fedora
fedora
[SECURITY] Fedora 24 Update: openssl-1.0.2j-1.fc24
2016-09-28 01:57:16
[SECURITY] Fedora 25 Update: openssl-1.0.2j-1.fc25
2016-10-09 03:28:42
[SECURITY] Fedora 23 Update: openssl-1.0.2j-1.fc23
2016-10-11 23:24:05
aix
aix
Vulnerabilities in OpenSSL affect AIX
2016-11-14 13:29:26
symantec
symantec
SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016
2016-10-06 08:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2016-12-07 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
2016-09-27 22:40:00
nodejsblog
nodejsblog
Security updates for all active release lines, September 2016
2016-09-23 00:00:00
huawei
huawei
Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products
2017-03-22 00:00:00
mageia
mageia
Updated virtualbox packages fixes security vulnerabilities
2016-12-06 00:49:27
packetstorm
packetstorm
Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle
2017-07-14 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.427 Medium

EPSS

Percentile

97.4%

JSON
Related for SSA-2016-270-01
cve1archlinux2f52openssl1prion1openvas14nvd1redhatcve1alpinelinux1nessus19debiancve1freebsd_advisory1cvelist1ubuntucve1freebsd1threatpost1ibm25suse4fedora3aix1symantec1gentoo1cisco1nodejsblog1huawei1mageia1packetstorm1oracle7