Back to bug 1331441
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2016-04-28 14:04:59 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-04-28 14:04:59 UTC | Doc Type | --- | Bug Fix |
| Tomas Hoger | 2016-04-28 14:05:15 UTC | Blocks | 1330106 | |
| Tomas Hoger | 2016-04-28 18:01:20 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-122,rhel-4/openssl=new,rhel-4/openssl096b=new,rhel-5/openssl=new,rhel-5/openssl097a=new,rhel-6/openssl=affected,rhel-6/openssl098e=new,rhel-7/openssl=affected,rhel-7/openssl098e=new,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=new,eap-6/openssl=new,jbews-2/openssl=new,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=new,rhel-4/openssl096b=new,rhel-5/openssl=new,rhel-5/openssl097a=new,rhel-6/openssl=affected,rhel-6/openssl098e=new,rhel-7/openssl=affected,rhel-7/openssl098e=new,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=new,eap-6/openssl=new,jbews-2/openssl=new,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected |
| Tomas Hoger | 2016-04-28 20:27:28 UTC | Depends On | 1331569 | |
| Tomas Hoger | 2016-04-28 20:27:37 UTC | Depends On | 1331570 | |
| Hubert Kario | 2016-04-29 10:52:35 UTC | CC | hkario | |
| Tomas Hoger | 2016-04-29 20:54:41 UTC | Depends On | 1331865 | |
| Tomas Hoger | 2016-04-29 20:54:50 UTC | Depends On | 1331866 | |
| Huzaifa S. Sidhpurwala | 2016-05-02 08:22:34 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=new,rhel-4/openssl096b=new,rhel-5/openssl=new,rhel-5/openssl097a=new,rhel-6/openssl=affected,rhel-6/openssl098e=new,rhel-7/openssl=affected,rhel-7/openssl098e=new,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=new,eap-6/openssl=new,jbews-2/openssl=new,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=new,eap-6/openssl=new,jbews-2/openssl=new,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected |
| Huzaifa S. Sidhpurwala | 2016-05-03 04:16:28 UTC | Doc Text | A buffer-overflow was found in the EVP_EncodeUpdate() function of OpenSSL when parsing very large amounts of input data. An attacker could use this flaw against an application compiled against OpenSSL and using this vulnerable function to cause the application to crash or possibly execute arbitrary code with the permissions of the user running the application. | |
| Martin Prpič | 2016-05-03 08:02:03 UTC | Doc Text | A buffer-overflow was found in the EVP_EncodeUpdate() function of OpenSSL when parsing very large amounts of input data. An attacker could use this flaw against an application compiled against OpenSSL and using this vulnerable function to cause the application to crash or possibly execute arbitrary code with the permissions of the user running the application. | A buffer overflow flaw was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. |
| Martin Prpič | 2016-05-03 08:02:22 UTC | Doc Text | A buffer overflow flaw was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. | A buffer overflow flaw was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. |
| Martin Prpič | 2016-05-03 14:25:11 UTC | Summary | EMBARGOED CVE-2016-2105 openssl: EVP_EncodeUpdate overflow | CVE-2016-2105 openssl: EVP_EncodeUpdate overflow |
| Martin Prpič | 2016-05-03 14:25:14 UTC | Group | security, qe_staff | |
| Martin Prpič | 2016-05-03 14:27:15 UTC | Depends On | 1332588 | |
| Martin Prpič | 2016-05-03 14:27:22 UTC | Depends On | 1332589 | |
| Martin Prpič | 2016-05-03 14:27:31 UTC | Depends On | 1332590 | |
| Martin Prpič | 2016-05-03 14:27:37 UTC | Depends On | 1332591 | |
| Martin Prpič | 2016-05-03 14:48:28 UTC | Doc Text | A buffer overflow flaw was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. | An integer overflow flaw, leading to buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. |
| Martin Prpič | 2016-05-03 14:48:45 UTC | Doc Text | An integer overflow flaw, leading to buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. | An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. |
| Timothy Walsh | 2016-05-04 12:53:03 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=new,eap-6/openssl=new,jbews-2/openssl=new,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected |
| Timothy Walsh | 2016-05-04 12:58:06 UTC | Depends On | 1332975 | |
| Slawomir Czarko | 2016-05-04 14:02:02 UTC | CC | slawomir | |
| Norman Sardella | 2016-05-05 10:34:07 UTC | CC | sardella | |
| Jay Shin | 2016-05-05 23:12:30 UTC | CC | jaeshin | |
| Jay Shin | 2016-05-05 23:12:30 UTC | Link ID | Red Hat Knowledge Base (Solution) 2298211 | |
| Ryan Parman | 2016-05-08 16:57:38 UTC | CC | ryan.parman | |
| Yasuhiro Ozone | 2016-05-09 04:58:58 UTC | CC | yozone | |
| Timothy Walsh | 2016-05-18 11:59:44 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected |
| Timothy Walsh | 2016-05-18 12:00:43 UTC | Depends On | 1337149 | |
| Timothy Walsh | 2016-05-18 12:00:55 UTC | Depends On | 1337150 | |
| Timothy Walsh | 2016-05-18 12:01:09 UTC | Depends On | 1337151 | |
| Michal Karm Babacek | 2016-07-19 09:37:55 UTC | CC | mbabacek, thoger | |
| Michal Karm Babacek | 2016-07-19 09:37:55 UTC | Flags | needinfo?(thoger) | |
| Tomas Hoger | 2016-07-19 09:46:59 UTC | CC | thoger | huzaifas |
| Tomas Hoger | 2016-07-19 09:46:59 UTC | Flags | needinfo?(thoger) | needinfo?(huzaifas) |
| Huzaifa S. Sidhpurwala | 2016-07-20 04:54:28 UTC | Flags | needinfo?(huzaifas) | |
| Akshay Jain | 2016-08-10 12:22:46 UTC | CC | akjain | |
| Martin Prpič | 2016-08-15 08:29:11 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected |
| Martin Prpič | 2016-08-15 08:32:12 UTC | Depends On | 1366994 | |
| Chess Hazlett | 2016-08-22 14:12:37 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected |
| Chess Hazlett | 2016-08-22 18:32:38 UTC | CC | chazlett | |
| Timothy Walsh | 2016-11-15 02:18:47 UTC | CC | twalsh | |
| Timothy Walsh | 2017-01-19 06:55:25 UTC | Blocks | 1395463 | |
| Timothy Walsh | 2017-02-21 11:40:00 UTC | CC | bbaranow, bmaxwell, cdewolf, csutherl, dandread, darran.lofthouse, dosoudil, erik-fedora, gzaronik, huwang, jawilson, ktietz, lgao, marcandre.lureau, mturk, myarboro, pgier, psakar, pslavice, redhat-bugzilla, rjones, rnetuka, rsvoboda, vtunka | |
| Timothy Walsh | 2017-02-21 11:40:00 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected,jbcs-1/openssl=affected |
| Tomas Hoger | 2017-02-22 12:28:19 UTC | Status | NEW | CLOSED |
| Tomas Hoger | 2017-02-22 12:28:19 UTC | Resolution | --- | ERRATA |
| Tomas Hoger | 2017-02-22 12:28:19 UTC | Last Closed | 2017-02-22 07:28:19 UTC | |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected,jbcs-1/openssl=affected | |
| Stanislav Ochotnicky | 2020-12-15 08:51:41 UTC | See Also | https://issues.redhat.com/browse/JBCS-87 | |