[3.5] openssl: Multiple issues (CVE-2016-2179, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6303)
CVE-2016-2179:
The DTLS implementation in OpenSSL before 1.1.0 does not properly
restrict the lifetime of queue entries associated with
unused out-of-order messages, which allows remote attackers to cause a
denial of service (memory consumption) by maintaining
many crafted DTLS sessions simultaneously, related to d1_lib.c,
statem_dtls.c, statem_lib.c, and statem_srvr.c.
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2179
CVE-2016-2181:
The Anti-Replay feature in the DTLS implementation in OpenSSL before
1.1.0 mishandles early use of a new epoch number in
conjunction with a large sequence number, which allows remote attackers
to cause a denial of service (false-positive packet drops)
via spoofed DTLS records, related to rec_layer_d1.c and
ssl3_record.c.
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2181
CVE-2016-2182:
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0
does not properly validate division results,
which allows remote attackers to cause a denial of service
(out-of-bounds write and application crash) or possibly have unspecified
other impact via unknown vectors.
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2182
CVE-2016-6302:
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before
1.1.0 does not consider the HMAC size during validation of
the ticket length, which allows remote attackers to cause a denial of
service via a ticket that is too short.
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6302
CVE-2016-6303:
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before
1.1.0 does not consider the HMAC size during validation
of the ticket length, which allows remote attackers to cause a denial of
service via a ticket that is too short.
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6303
(from redmine: issue id 6176, created on 2016-09-19, closed on 2016-09-20)
- Relations:
- parent #6175 (closed)
- Changesets:
- Revision 34653202 by Natanael Copa on 2016-09-19T10:48:36Z:
main/openssl: backport various secfixes
fixes #6176
- CVE-2016-2179
- CVE-2016-2181
- CVE-2016-2182
- CVE-2016-6302
- CVE-2016-6303
- Revision db315ee2 by Natanael Copa on 2016-09-19T12:35:59Z:
main/openssl: fix patch for CVE-2016-2181
Add a missing patch.
ref #6176