Back to bug 1331426
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2016-04-28 13:46:53 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-04-28 13:46:53 UTC | Doc Type | --- | Bug Fix |
| Tomas Hoger | 2016-04-28 13:47:07 UTC | Blocks | 1330106 | |
| Tomas Hoger | 2016-04-28 13:57:55 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,rhel-4/openssl=notaffected,rhel-4/openssl096b=notaffected,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-4/openssl=notaffected,rhel-4/openssl096b=notaffected,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected |
| Tomas Hoger | 2016-04-28 20:27:28 UTC | Depends On | 1331569 | |
| Tomas Hoger | 2016-04-28 20:27:37 UTC | Depends On | 1331570 | |
| Hubert Kario | 2016-04-29 10:52:45 UTC | CC | hkario | |
| Tomas Hoger | 2016-04-29 20:54:41 UTC | Depends On | 1331865 | |
| Tomas Hoger | 2016-04-29 20:54:50 UTC | Depends On | 1331866 | |
| Huzaifa S. Sidhpurwala | 2016-05-03 04:23:45 UTC | Doc Text | It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection uses AES CBC cipher suite and the server supports AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. | |
| Timothy Walsh | 2016-05-03 06:56:06 UTC | Depends On | 1332407 | |
| Martin Prpič | 2016-05-03 08:03:01 UTC | Doc Text | It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection uses AES CBC cipher suite and the server supports AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. | It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. |
| Martin Prpič | 2016-05-03 14:24:39 UTC | Summary | EMBARGOED CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check | CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check |
| Martin Prpič | 2016-05-03 14:24:42 UTC | Group | security, qe_staff | |
| Martin Prpič | 2016-05-03 14:27:15 UTC | Depends On | 1332588 | |
| Martin Prpič | 2016-05-03 14:27:22 UTC | Depends On | 1332589 | |
| Martin Prpič | 2016-05-03 14:27:31 UTC | Depends On | 1332590 | |
| Martin Prpič | 2016-05-03 14:27:37 UTC | Depends On | 1332591 | |
| David Alan Hjelle | 2016-05-03 18:59:43 UTC | CC | dahjelle.redhat.com | |
| James Boyle | 2016-05-03 20:20:41 UTC | CC | unixi | |
| Robert Scheck | 2016-05-04 09:03:32 UTC | CC | redhat-bugzilla | |
| Slawomir Czarko | 2016-05-04 14:00:41 UTC | CC | slawomir | |
| Leho Kraav | 2016-05-04 16:48:26 UTC | CC | leho | |
| Eric Eisenhart | 2016-05-04 22:06:02 UTC | CC | freiheit | |
| Paul Dwyer | 2016-05-05 09:41:00 UTC | CC | pdwyer | |
| Norman Sardella | 2016-05-05 10:33:44 UTC | CC | sardella | |
| Jay Shin | 2016-05-05 23:21:13 UTC | CC | jaeshin | |
| Link ID | Red Hat Knowledge Base (Solution) 2298211 | |||
| Muhammad Azhar Shaikh | 2016-05-06 09:29:11 UTC | CC | jonas.schwabe | |
| CC | mdshaikh | |||
| Daniel Bradler | 2016-05-07 07:59:09 UTC | CC | bradler | |
| Devin Henderson | 2016-05-07 21:37:14 UTC | CC | devin | |
| Ryan Parman | 2016-05-08 16:57:03 UTC | CC | ryan.parman | |
| Yasuhiro Ozone | 2016-05-09 04:59:21 UTC | CC | yozone | |
| Akshay Jain | 2016-07-29 12:11:03 UTC | CC | akjain | |
| Martin Prpič | 2016-08-15 08:29:44 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-4/openssl=notaffected,rhel-4/openssl096b=notaffected,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-4/openssl=notaffected,rhel-4/openssl096b=notaffected,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected |
| Martin Prpič | 2016-08-15 08:32:12 UTC | Depends On | 1366994 | |
| Brad Woodcock | 2016-09-15 20:04:18 UTC | CC | bwoodcock | |
| Andrew Sanders | 2016-11-10 17:41:41 UTC | CC | asanders | |
| Timothy Walsh | 2016-11-15 02:14:59 UTC | CC | twalsh | |
| Timothy Walsh | 2017-01-19 06:55:25 UTC | Blocks | 1395463 | |
| Timothy Walsh | 2017-02-21 11:35:19 UTC | CC | bbaranow, bmaxwell, cdewolf, csutherl, dandread, darran.lofthouse, dosoudil, erik-fedora, gzaronik, huwang, jawilson, ktietz, lgao, marcandre.lureau, mbabacek, mturk, myarboro, pgier, psakar, pslavice, rjones, rnetuka, rsvoboda, vtunka | |
| Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-4/openssl=notaffected,rhel-4/openssl096b=notaffected,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-4/openssl=notaffected,rhel-4/openssl096b=notaffected,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected,jbcs-1/openssl=affected | ||
| Tomas Hoger | 2017-02-22 12:29:07 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-02-22 07:29:07 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,rhel-4/openssl=notaffected,rhel-4/openssl096b=notaffected,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected,jbcs-1/openssl=affected | |
| Stanislav Ochotnicky | 2020-12-15 08:51:36 UTC | See Also | https://issues.redhat.com/browse/JBCS-81 |
Back to bug 1331426