Bug 1331563 – CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline()

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1331563 - (CVE-2016-2176) CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline()

Summary:	CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline()

Status:	CLOSED NOTABUG

Aliases:	CVE-2016-2176

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20160503,reported=2...
Keywords:	Security

Depends On:
Blocks:	1330106
	Show dependency tree / graph

Reported:	2016-04-28 15:41 EDT by Tomas Hoger
Modified:	2016-05-08 12:57 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	openssl 1.0.1t, openssl 1.0.2h
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-04-28 15:45:14 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
OpenSSL upstream fix (10.98 KB, patch) 2016-04-28 15:43 EDT, Tomas Hoger	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Tomas Hoger 2016-04-28 15:41:14 EDT

Quoting form the draft of OpenSSL upstream advisory:

EBCDIC overread (CVE-2016-2176)
===============================

Severity: Low

ASN1 Strings that are over 1024 bytes can cause an overread in applications
using the X509_NAME_oneline() function on EBCDIC systems. This could result in
arbitrary stack data being returned in the buffer.

OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t

This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The
fix was developed by Matt Caswell of the OpenSSL development team.

Comment 1 Tomas Hoger 2016-04-28 15:41:24 EDT

Acknowledgments:

Name: the OpenSSL project
Upstream: Guido Vranken

Comment 2 Tomas Hoger 2016-04-28 15:43 EDT

Created attachment 1152051 [details]
OpenSSL upstream fix

Comment 3 Tomas Hoger 2016-04-28 15:45:14 EDT

OpenSSL packages distributed by Red Hat do not enable EBCDIC support and are therefore unaffected by this issue.

Comment 4 Martin Prpič 2016-05-03 10:19:39 EDT

External References:

https://openssl.org/news/secadv/20160503.txt

Comment 5 Tomas Hoger 2016-05-04 08:55:34 EDT

Upstream commit:

https://git.openssl.org/?p=openssl.git;a=commitdiff;h=2919516136a4227d9e6d8f2fe66ef976aaf8c561

Note You need to log in before you can comment on or make changes to this bug.