Back to bug 1369855
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-08-24 14:39:43 UTC | Depends On | 1369858 | |
| Adam Mariš | 2016-08-24 14:39:52 UTC | Depends On | 1369860 | |
| Adam Mariš | 2016-08-24 14:40:03 UTC | Depends On | 1369861 | |
| Adam Mariš | 2016-08-24 14:44:07 UTC | Whiteboard | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-20,rhel-5/openssl=new,rhel-5/openssl097a=new,rhel-6/openssl=new,rhel-6/openssl098e=new,rhel-7/openssl=new,rhel-7/openssl098e=new,jbews-1/openssl=new,jbews-2/openssl=new,jbews-3/openssl=new,eap-6/openssl=new,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-20,rhel-5/openssl=new,rhel-5/openssl097a=new,rhel-6/openssl=new,rhel-6/openssl098e=new,rhel-7/openssl=new,rhel-7/openssl098e=new,rhel-7/OVMF=new,jbews-1/openssl=new,jbews-2/openssl=new,jbews-3/openssl=new,eap-6/openssl=new,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected |
| Adam Mariš | 2016-08-24 14:44:19 UTC | CC | lersek | |
| Adam Mariš | 2016-08-24 14:57:06 UTC | Blocks | 1369869 | |
| Slawomir Czarko | 2016-08-25 09:18:30 UTC | CC | slawomir | |
| Tomas Hoger | 2016-08-25 11:11:55 UTC | Blocks | 1369869 | 1367347 |
| Norman Sardella | 2016-08-25 18:21:50 UTC | CC | sardella | |
| Tomas Hoger | 2016-09-16 20:53:33 UTC | Whiteboard | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-20,rhel-5/openssl=new,rhel-5/openssl097a=new,rhel-6/openssl=new,rhel-6/openssl098e=new,rhel-7/openssl=new,rhel-7/openssl098e=new,rhel-7/OVMF=new,jbews-1/openssl=new,jbews-2/openssl=new,jbews-3/openssl=new,eap-6/openssl=new,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-20,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,rhel-7/OVMF=notaffected,jbews-1/openssl=new,jbews-2/openssl=new,jbews-3/openssl=new,eap-6/openssl=new,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected |
| Tomas Hoger | 2016-09-19 12:26:50 UTC | Whiteboard | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=CWE-20,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,rhel-7/OVMF=notaffected,jbews-1/openssl=new,jbews-2/openssl=new,jbews-3/openssl=new,eap-6/openssl=new,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-190->CWE-125,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,rhel-7/OVMF=notaffected,jbews-1/openssl=new,jbews-2/openssl=new,jbews-3/openssl=new,eap-6/openssl=new,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected |
| Tomas Hoger | 2016-09-19 12:47:26 UTC | Summary | CVE-2016-6302 openssl: Insufficient ticket sanity checks | CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks |
| Tomas Hoger | 2016-09-20 08:47:42 UTC | Depends On | 1377623 | |
| Tomas Hoger | 2016-09-20 08:47:52 UTC | Depends On | 1377624 | |
| Tomas Hoger | 2016-09-20 08:48:04 UTC | Depends On | 1377625 | |
| Tomas Hoger | 2016-09-20 08:48:11 UTC | Depends On | 1377626 | |
| Tomas Hoger | 2016-09-21 11:28:46 UTC | Doc Text | An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL it it used SHA-512 as HMAC for session tickets. | |
| Tomas Hoger | 2016-09-22 12:06:02 UTC | Fixed In Version | openssl 1.0.1u, openssl 1.0.2i | |
| Eric Christensen | 2016-09-22 12:17:56 UTC | Doc Text | An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL it it used SHA-512 as HMAC for session tickets. | An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL with SHA-512 as HMAC for session tickets. |
| Eric Christensen | 2016-09-22 12:24:11 UTC | Doc Text | An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL with SHA-512 as HMAC for session tickets. | An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. |
| Yasuhiro Ozone | 2016-09-26 09:54:34 UTC | CC | yozone | |
| Apurbita Mukherjee | 2016-09-26 13:20:08 UTC | CC | apmukher | |
| Jay Shin | 2016-09-28 00:43:12 UTC | CC | jaeshin | |
| Link ID | Red Hat Knowledge Base (Solution) 2662211 | |||
| Timothy Walsh | 2016-10-05 06:00:11 UTC | Whiteboard | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-190->CWE-125,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,rhel-7/OVMF=notaffected,jbews-1/openssl=new,jbews-2/openssl=new,jbews-3/openssl=new,eap-6/openssl=new,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-190->CWE-125,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,rhel-7/OVMF=notaffected,jbews-1/openssl=wontfix,jbews-2/openssl=wontfix,jbews-3/openssl=affected,jbcs-1/openssl=affected,eap-6/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected |
| Timothy Walsh | 2016-10-05 06:00:23 UTC | CC | mturk | |
| Timothy Walsh | 2016-10-05 06:01:30 UTC | Depends On | 1381802 | |
| Timothy Walsh | 2016-10-05 06:01:41 UTC | Depends On | 1381803 | |
| Timothy Walsh | 2017-02-21 04:41:12 UTC | Whiteboard | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-190->CWE-125,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,rhel-7/OVMF=notaffected,jbews-1/openssl=wontfix,jbews-2/openssl=wontfix,jbews-3/openssl=affected,jbcs-1/openssl=affected,eap-6/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-190->CWE-125,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,rhel-7/OVMF=notaffected,jbews-1/openssl=wontfix,jbews-2/openssl=wontfix,jbews-3/openssl=defer,jbcs-1/openssl=affected,eap-6/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected |
| errata-xmlrpc | 2018-07-12 16:05:11 UTC | Link ID | Red Hat Product Errata RHSA-2018:2187 | |
| errata-xmlrpc | 2018-07-12 16:14:27 UTC | Link ID | Red Hat Product Errata RHSA-2018:2186 | |
| errata-xmlrpc | 2018-07-12 16:16:49 UTC | Link ID | Red Hat Product Errata RHSA-2018:2185 | |
| Product Security DevOps Team | 2019-06-08 02:57:52 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-06-08 02:57:52 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:55:15 UTC | Whiteboard | impact=moderate,public=20160823,reported=20160824,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-190->CWE-125,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=affected,rhel-6/openssl098e=notaffected,rhel-7/openssl=affected,rhel-7/openssl098e=notaffected,rhel-7/OVMF=notaffected,jbews-1/openssl=wontfix,jbews-2/openssl=wontfix,jbews-3/openssl=defer,jbcs-1/openssl=affected,eap-6/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,epel-5/openssl101e=affected |
Back to bug 1369855