Bug 1393930 (CVE-2016-7053)

Summary: CVE-2016-7053 openssl: CMS Null dereference vulnerability
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bbaranow, bmaxwell, cdewolf, csutherl, dandread, darran.lofthouse, dosoudil, erik-fedora, gzaronik, jawilson, jclere, ktietz, lersek, lgao, marcandre.lureau, mbabacek, myarboro, pgier, psakar, pslavice, redhat-bugzilla, rjones, rnetuka, rsvoboda, sardella, tmraz, twalsh, vtunka, weli, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: openssl 1.1.0c Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-10 16:21:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Adam Mariš 2016-11-10 16:18:21 UTC
Quoting form the OpenSSL upstream advisory:

CMS Null dereference (CVE-2016-7053)

Severity: Moderate

Applications parsing invalid CMS structures can crash with a NULL pointer
dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type
in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure
callback if an attempt is made to free certain invalid encodings. Only CHOICE
structures using a callback which do not handle NULL value are affected.

OpenSSL 1.1.0 users should upgrade to 1.1.0c

This issue does not affect OpenSSL versions prior to 1.1.0

This issue was reported to OpenSSL on 12th October 2016 by Tyler Nighswander of
ForAllSecure. The fix was developed by Stephen Henson of the OpenSSL
development team.

External References:


Comment 1 Adam Mariš 2016-11-10 16:18:45 UTC

Name: the OpenSSL project
Upstream: Tyler Nighswander (ForAllSecure)