Bug 1310596 (CVE-2016-0705)
| Summary: | CVE-2016-0705 OpenSSL: Double-free in DSA code | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED ERRATA | QA Contact: | |||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | unspecified | CC: | bbaranow, bmaxwell, cdewolf, csutherl, dandread, darran.lofthouse, dosoudil, fdeutsch, gzaronik, hkario, jawilson, jgreguske, lgao, myarboro, pgier, psakar, pslavice, rnetuka, rsvoboda, sardella, security-response-team, slawomir, tmraz, twalsh, vtunka, yozone | ||||
| Target Milestone: | --- | Keywords: | Security | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | openssl 1.0.1s, openssl 1.0.2g | Doc Type: | Bug Fix | ||||
| Doc Text: |
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-06-08 02:48:25 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1301849, 1301850, 1301851, 1301852, 1312860, 1312861, 1312862, 1313535, 1313595, 1313598, 1331754, 1618719, 1618720, 1618721, 1624844, 1624845 | ||||||
| Bug Blocks: | 1301847, 1395463 | ||||||
| Attachments: |
|
||||||
|
Description
Huzaifa S. Sidhpurwala
2016-02-22 10:31:19 UTC
Created attachment 1129420 [details]
Upstream patch
Public via: Upstream patch: http://git.openssl.org/?p=openssl.git;a=commitdiff;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed Created openssl101e tracking bugs for this issue: Affects: epel-5 [bug 1312862] Created openssl tracking bugs for this issue: Affects: fedora-all [bug 1312860] Created mingw-openssl tracking bugs for this issue: Affects: fedora-all [bug 1312861] Acknowledgments: Name: the OpenSSL project Upstream: Adam Langley (Google/BoringSSL) This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:0301 https://rhn.redhat.com/errata/RHSA-2016-0301.html openssl-1.0.2g-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: RHEV-H and Agents for RHEL-6 RHEV-H and Agents for RHEL-7 Via RHSA-2016:0379 https://rhn.redhat.com/errata/RHSA-2016-0379.html openssl-1.0.1k-14.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. openssl101e-1.0.1e-7.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2568 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2575 This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2018:2713 https://access.redhat.com/errata/RHSA-2018:2713 |