Quoting from the draft of the OpenSSL upstream advisory:

Certificate message OOB reads (CVE-2016-6306)
=============================================

Severity: Low

In OpenSSL 1.0.2 and earlier some missing message length checks can result in
OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical
DoS risk but this has not been observed in practice on common platforms.

The messages affected are client certificate, client certificate request and
server certificate. As a result the attack can only be performed against a
client or a server which enables client authentication.

OpenSSL 1.1.0 is not affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2i
OpenSSL 1.0.1 users should upgrade to 1.0.1u

This issue was reported to OpenSSL on 22nd August 2016 by Shi Lei (Gear Team,
Qihoo 360 Inc.). The fix was developed by Stephen Henson of the OpenSSL
development team.
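The advisory above describes the defect as missing length checks while parsing certificate-related handshake messages: a 3-byte length field is read without first confirming that 3 bytes remain, so the read can run up to 2 bytes past the end of the buffer. The following is an added example, not OpenSSL's code and not part of this bug report, showing the bounds discipline such a parser needs. It parses a TLS 1.0-1.2 Certificate handshake body (a uint24 total length followed by a sequence of uint24-length-prefixed certificates); the function and constant names (parse_certificate_body, CERT_OK and so on) and the byte strings are constructed for illustration, and the certificate bytes are placeholders rather than real DER.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Return codes for the checked parser (names are illustrative, not OpenSSL's). */
enum cert_parse_result {
    CERT_OK = 0,
    CERT_ERR_TRUNCATED_LENGTH = 1, /* fewer than 3 bytes left where a length field is expected */
    CERT_ERR_LENGTH_MISMATCH = 2   /* a length field claims more data than the message holds */
};

/* Read a 3-byte big-endian length (the TLS uint24 used in Certificate bodies).
 * Callers must have already verified that 3 bytes are available at p. */
static uint32_t read_uint24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | (uint32_t)p[2];
}

/*
 * Parse a Certificate handshake body:
 *   uint24 total_len; then repeated { uint24 cert_len; opaque cert[cert_len]; }
 * Each 3-byte length field is read only after confirming 3 bytes remain, and
 * each claimed length is checked against the bytes actually left, so the
 * parser never reads past msg[n-1]. On success *count receives the number of
 * certificates found.
 */
int parse_certificate_body(const uint8_t *msg, size_t n, size_t *count)
{
    size_t pos;
    size_t found = 0;
    uint32_t total_len;

    if (n < 3)                       /* the outer length field itself must fit */
        return CERT_ERR_TRUNCATED_LENGTH;
    total_len = read_uint24(msg);
    pos = 3;
    if (total_len != n - 3)          /* outer length must describe exactly the rest */
        return CERT_ERR_LENGTH_MISMATCH;

    while (pos < n) {
        uint32_t cert_len;
        if (n - pos < 3)             /* the check whose absence causes the 1-2 byte over-read */
            return CERT_ERR_TRUNCATED_LENGTH;
        cert_len = read_uint24(msg + pos);
        pos += 3;
        if (cert_len > n - pos)      /* certificate bytes must fit in what is left */
            return CERT_ERR_LENGTH_MISMATCH;
        /* A real implementation would hand (msg + pos, cert_len) to a DER parser here. */
        pos += cert_len;
        found++;
    }
    if (count)
        *count = found;
    return CERT_OK;
}

/* Constructed sample: well-formed body holding two placeholder certificates. */
const uint8_t GOOD_MSG[] = {
    0x00, 0x00, 0x0b,                  /* total_len = 11 */
    0x00, 0x00, 0x02, 0xaa, 0xbb,      /* cert 1, 2 bytes */
    0x00, 0x00, 0x03, 0xcc, 0xdd, 0xee /* cert 2, 3 bytes */
};

/* Constructed sample: outer length is consistent, but the second cert's
 * 3-byte length field is cut off after 1 byte. An unchecked parser would
 * read 2 bytes beyond the end of this buffer here. */
const uint8_t SHORT_MSG[] = {
    0x00, 0x00, 0x05,                  /* total_len = 5 */
    0x00, 0x00, 0x01, 0xaa,            /* cert 1, 1 byte */
    0x00                               /* only 1 of 3 length bytes present */
};

/* Constructed sample: a certificate length larger than the remaining data. */
const uint8_t BAD_LEN_MSG[] = {
    0x00, 0x00, 0x03,                  /* total_len = 3 */
    0x00, 0x00, 0x09                   /* cert_len = 9, but 0 bytes follow */
};

int main(void)
{
    size_t count = 0;
    printf("good:    rc=%d count=%zu\n",
           parse_certificate_body(GOOD_MSG, sizeof GOOD_MSG, &count), count);
    printf("short:   rc=%d\n", parse_certificate_body(SHORT_MSG, sizeof SHORT_MSG, NULL));
    printf("bad len: rc=%d\n", parse_certificate_body(BAD_LEN_MSG, sizeof BAD_LEN_MSG, NULL));
    return 0;
}
```

The two rejected samples correspond to the two checks the parser performs before every length read: enough bytes for the length field itself, and enough bytes for the data the field announces. Rejecting at either point turns a silent over-read into a handshake failure the peer can log.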
Acknowledgments:

Name: the OpenSSL project
Upstream: Shi Lei (Gear Team of Qihoo 360 Inc.)
Created attachment 1202764 [details]
OpenSSL upstream fix
Upstream commit: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9
Additional follow-up patch to avoid protection against similar short over reads:

https://git.openssl.org/?p=openssl.git;a=commitdiff;h=bb1a4866034255749ac578adb06a76335fc117b1

A similar change was part of the patch attached in comment 2, but was extended to cover both TLS/SSL and DTLS.
Public now via upstream advisory.

External Reference:

https://www.openssl.org/news/secadv/20160922.txt
Created openssl101e tracking bugs for this issue:

Affects: epel-5 [bug 1378409]
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1378408]
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1378410]
Affects: epel-7 [bug 1378411]
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:1940 https://rhn.redhat.com/errata/RHSA-2016-1940.html
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6

Via RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7

Via RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185