Bug 1377594 - (CVE-2016-6306) CVE-2016-6306 openssl: certificate message OOB reads
CVE-2016-6306 openssl: certificate message OOB reads
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20160921,reported=2...
: Security
Depends On: 1378410 1378411 1381817 1381818 1377623 1377624 1377625 1377626 1378408 1378409
Blocks: 1367347
Reported: 2016-09-20 03:51 EDT by Tomas Hoger
Modified: 2018-08-16 00:59 EDT (History)

See Also:
Fixed In Version: openssl 1.0.1u, openssl 1.0.2i
Doc Type: If docs needed, set a value
Doc Text:
Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments
OpenSSL upstream fix (2.95 KB, patch)
2016-09-20 04:01 EDT, Tomas Hoger


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2662211 None None None 2016-09-27 20:44 EDT
Red Hat Product Errata RHSA-2016:1940 normal SHIPPED_LIVE Important: openssl security update 2016-09-27 13:46:00 EDT
Red Hat Product Errata RHSA-2018:2185 None None None 2018-07-12 12:16 EDT
Red Hat Product Errata RHSA-2018:2186 None None None 2018-07-12 12:14 EDT
Red Hat Product Errata RHSA-2018:2187 None None None 2018-07-12 12:05 EDT

Description Tomas Hoger 2016-09-20 03:51:51 EDT
Quoting from the draft of the OpenSSL upstream advisory:

Certificate message OOB reads (CVE-2016-6306)
=============================================

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in
OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical
DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and
server certificate. As a result the attack can only be performed against
a client or a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i
OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,
Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL
development team.
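As an added illustration of the flaw class the advisory describes (this is example code written for this page, not OpenSSL's code and not the attached patch): a minimal C parser for the certificate_list of a TLS Certificate handshake message that checks the bytes remaining before reading each 3-byte length field, so a one- or two-byte message is rejected instead of being read past its end. The message layout follows TLS; the sample messages are constructed and contain no real certificates.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CERT_ERR_SHORT  (-1)  /* a length field would be read past the end of the message */
#define CERT_ERR_LENGTH (-2)  /* a declared length disagrees with the bytes actually present */

/* Read a 24-bit big-endian length field. The caller must already have
 * verified that at least 3 bytes remain; that check is the one the advisory
 * says was missing, and without it a 1-byte message reads 2 bytes too far. */
static uint32_t read_u24(const unsigned char *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | (uint32_t)p[2];
}

/* Parse certificate_list from a Certificate message body of n bytes:
 *   uint24 list_len, then list_len bytes of (uint24 cert_len, cert) items.
 * Returns the number of certificates found, or a CERT_ERR_* value. */
int parse_certificate_list(const unsigned char *msg, size_t n) {
    const unsigned char *p = msg, *end = msg + n;
    int found = 0;
    uint32_t list_len, cert_len;

    if (end - p < 3)                        /* too short to hold list_len */
        return CERT_ERR_SHORT;
    list_len = read_u24(p);
    p += 3;
    if ((size_t)(end - p) != list_len)      /* list must fill the rest of the message */
        return CERT_ERR_LENGTH;

    while (p < end) {
        if (end - p < 3)                    /* no room for the next cert_len */
            return CERT_ERR_SHORT;
        cert_len = read_u24(p);
        p += 3;
        if ((size_t)(end - p) < cert_len)   /* certificate body overruns the message */
            return CERT_ERR_LENGTH;
        p += cert_len;                      /* skip the DER body; a real peer decodes it */
        found++;
    }
    return found;
}

/* Constructed sample messages (placeholder bytes, not real certificates). */
static const unsigned char MSG_GOOD[] = { 0x00, 0x00, 0x09,            /* list_len = 9 */
    0x00, 0x00, 0x01, 0xAA, 0x00, 0x00, 0x02, 0xBB, 0xCC };              /* certs of 1 and 2 bytes */
static const unsigned char MSG_ONE_BYTE[] = { 0x00 };                    /* shorter than list_len */
static const unsigned char MSG_TRUNC[] = { 0x00, 0x00, 0x05, 0x00, 0x00, 0x04, 0xAA, 0xBB }; /* cert_len 4, 2 left */

int main(void) {
    printf("good: %d\n", parse_certificate_list(MSG_GOOD, sizeof MSG_GOOD));           /* 2 */
    printf("one byte: %d\n", parse_certificate_list(MSG_ONE_BYTE, sizeof MSG_ONE_BYTE)); /* -1 */
    printf("truncated: %d\n", parse_certificate_list(MSG_TRUNC, sizeof MSG_TRUNC));      /* -2 */
    return 0;
}
```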
Comment 1 Tomas Hoger 2016-09-20 03:51:57 EDT
Acknowledgments:

Name: the OpenSSL project
Upstream: Shi Lei (Gear Team of Qihoo 360 Inc.)
Comment 2 Tomas Hoger 2016-09-20 04:01 EDT
Created attachment 1202764 [details]
OpenSSL upstream fix
Comment 5 Tomas Hoger 2016-09-21 17:41:13 EDT
Additional follow-up patch to avoid protection against similar short over reads:

https://git.openssl.org/?p=openssl.git;a=commitdiff;h=bb1a4866034255749ac578adb06a76335fc117b1

A similar change was part of the patch attached in comment 2, but was extended to cover both TLS/SSL and DTLS.
Comment 6 Tomas Hoger 2016-09-22 06:58:53 EDT
Public now via upstream advisory.

External Reference:

https://www.openssl.org/news/secadv/20160922.txt
Comment 7 Tomas Hoger 2016-09-22 07:03:34 EDT
Created openssl101e tracking bugs for this issue:

Affects: epel-5 [bug 1378409]
Comment 8 Tomas Hoger 2016-09-22 07:03:41 EDT
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1378408]
Comment 9 Tomas Hoger 2016-09-22 07:03:47 EDT
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1378410]
Affects: epel-7 [bug 1378411]
Comment 10 errata-xmlrpc 2016-09-27 09:55:18 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:1940 https://rhn.redhat.com/errata/RHSA-2016-1940.html
Comment 13 errata-xmlrpc 2018-07-12 12:04:56 EDT
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187
Comment 14 errata-xmlrpc 2018-07-12 12:14:35 EDT
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6

Via RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186
Comment 15 errata-xmlrpc 2018-07-12 12:16:38 EDT
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7

Via RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185