Back to bug 1331536
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2016-04-28 18:02:27 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-04-28 18:02:27 UTC | Doc Type | --- | Bug Fix |
| Tomas Hoger | 2016-04-28 18:02:42 UTC | Blocks | 1330106 | |
| Tomas Hoger | 2016-04-28 20:27:28 UTC | Depends On | 1331569 | |
| Tomas Hoger | 2016-04-28 20:27:37 UTC | Depends On | 1331570 | |
| Hubert Kario | 2016-04-29 10:52:33 UTC | CC | hkario | |
| Tomas Hoger | 2016-04-29 20:54:41 UTC | Depends On | 1331865 | |
| Tomas Hoger | 2016-04-29 20:54:50 UTC | Depends On | 1331866 | |
| Huzaifa S. Sidhpurwala | 2016-05-02 08:21:35 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=new,rhel-4/openssl096b=new,rhel-5/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected |
| Huzaifa S. Sidhpurwala | 2016-05-03 04:13:31 UTC | Doc Text | A buffer-overflow was found in the EVP_EncryptUpdate() function of OpenSSL when parsing very large amounts of input data. An attacker could use this flaw against an application compiled against OpenSSL and using this vulnerable function to cause the application to crash or possibly execute arbitrary code with the permissions of the user running the application. | |
| Martin Prpič | 2016-05-03 08:02:26 UTC | Doc Text | A buffer-overflow was found in the EVP_EncryptUpdate() function of OpenSSL when parsing very large amounts of input data. An attacker could use this flaw against an application compiled against OpenSSL and using this vulnerable function to cause the application to crash or possibly execute arbitrary code with the permissions of the user running the application. | A buffer overflow flaw was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. |
| Martin Prpič | 2016-05-03 14:25:28 UTC | Summary | EMBARGOED CVE-2016-2106 openssl: EVP_EncryptUpdate overflow | CVE-2016-2106 openssl: EVP_EncryptUpdate overflow |
| Martin Prpič | 2016-05-03 14:25:31 UTC | Group | security, qe_staff | |
| Martin Prpič | 2016-05-03 14:27:15 UTC | Depends On | 1332588 | |
| Martin Prpič | 2016-05-03 14:27:22 UTC | Depends On | 1332589 | |
| Martin Prpič | 2016-05-03 14:27:31 UTC | Depends On | 1332590 | |
| Martin Prpič | 2016-05-03 14:27:37 UTC | Depends On | 1332591 | |
| Martin Prpič | 2016-05-03 14:48:41 UTC | Doc Text | A buffer overflow flaw was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. | An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. |
| Timothy Walsh | 2016-05-04 12:54:38 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected |
| Timothy Walsh | 2016-05-04 12:58:48 UTC | Depends On | 1332976 | |
| Slawomir Czarko | 2016-05-04 14:02:29 UTC | CC | slawomir | |
| Norman Sardella | 2016-05-05 10:33:30 UTC | CC | sardella | |
| Jay Shin | 2016-05-05 23:12:40 UTC | CC | jaeshin | |
| | | Link ID | Red Hat Knowledge Base (Solution) 2298211 | |
| Ryan Parman | 2016-05-08 16:57:13 UTC | CC | ryan.parman | |
| Yasuhiro Ozone | 2016-05-09 04:59:09 UTC | CC | yozone | |
| Andrej Nemec | 2016-05-10 09:18:36 UTC | CC | anemec | |
| | | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected |
| Timothy Walsh | 2016-05-18 12:03:04 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected |
| Timothy Walsh | 2016-05-18 12:03:31 UTC | Depends On | 1337153 | |
| Timothy Walsh | 2016-05-18 12:03:34 UTC | Depends On | 1337154 | |
| Timothy Walsh | 2016-05-18 12:03:45 UTC | Depends On | 1337155 | |
| Michal Karm Babacek | 2016-07-19 09:37:53 UTC | CC | mbabacek, thoger | |
| | | Flags | needinfo?(thoger) | |
| Tomas Hoger | 2016-07-19 09:46:03 UTC | CC | thoger | huzaifas |
| | | Flags | needinfo?(thoger) | needinfo?(huzaifas) |
| Huzaifa S. Sidhpurwala | 2016-07-20 04:54:18 UTC | Flags | needinfo?(huzaifas) | |
| Michal Karm Babacek | 2016-07-22 17:04:15 UTC | CC | thoger | |
| | | Flags | needinfo?(thoger) | |
| Tomas Hoger | 2016-07-22 17:58:04 UTC | CC | thoger | |
| | | Flags | needinfo?(thoger) | needinfo?(huzaifas) |
| Huzaifa S. Sidhpurwala | 2016-07-25 06:27:42 UTC | Flags | needinfo?(huzaifas) | |
| Radim Hatlapatka | 2016-07-25 06:35:25 UTC | CC | rhatlapa | |
| Akshay Jain | 2016-08-10 12:26:56 UTC | CC | akjain | |
| Martin Prpič | 2016-08-15 08:29:27 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected |
| Martin Prpič | 2016-08-15 08:32:12 UTC | Depends On | 1366994 | |
| Chess Hazlett | 2016-08-22 14:13:40 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected |
| Chess Hazlett | 2016-08-22 18:32:41 UTC | CC | chazlett | |
| Timothy Walsh | 2016-11-15 02:21:44 UTC | CC | twalsh | |
| Timothy Walsh | 2017-01-19 06:55:25 UTC | Blocks | 1395463 | |
| Timothy Walsh | 2017-02-21 11:38:19 UTC | CC | bbaranow, bmaxwell, cdewolf, csutherl, dandread, darran.lofthouse, dosoudil, erik-fedora, gzaronik, huwang, jawilson, ktietz, lgao, marcandre.lureau, mturk, myarboro, pgier, psakar, pslavice, redhat-bugzilla, rjones, rnetuka, rsvoboda, vtunka | |
| | | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected,jbcs-1/openssl=affected |
| Tomas Hoger | 2017-02-22 12:25:13 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=affected,rhel-7/openssl=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected,jbcs-1/openssl=affected | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected,jbcs-1/openssl=affected |
| Tomas Hoger | 2017-02-22 12:27:56 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2017-02-22 07:27:56 UTC | |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=moderate,public=20160503,reported=20160428,source=openssl,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L,cwe=CWE-190->CWE-122,rhel-4/openssl=wontfix,rhel-4/openssl096b=wontfix,rhel-5/openssl=wontfix,rhel-5/openssl097a=wontfix,rhel-6/openssl=affected,rhel-6/openssl098e=wontfix,rhel-7/openssl=affected,rhel-7/openssl098e=wontfix,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,epel-5/openssl101e=affected,epel-7/mingw-openssl=affected,rhel-6.7.z/openssl=affected,jbcs-1/openssl=affected | |
| Stanislav Ochotnicky | 2020-12-15 08:51:45 UTC | See Also | https://issues.redhat.com/browse/JBCS-86 | |