Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2108)
Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2016-2107)
Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncodeUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2105)
Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncryptUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2106)
Brian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-2109)
As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack.
{ "availability": "No subscription required", "binaries": [ { "libssl1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.19", "libssl-dev": "1.0.1f-1ubuntu2.19", "libssl1.0.0": "1.0.1f-1ubuntu2.19", "libssl-doc": "1.0.1f-1ubuntu2.19", "libcrypto1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.19", "libssl1.0.0-dbg": "1.0.1f-1ubuntu2.19", "libssl-dev-dbgsym": "1.0.1f-1ubuntu2.19", "openssl": "1.0.1f-1ubuntu2.19", "openssl-dbgsym": "1.0.1f-1ubuntu2.19", "libssl1.0.0-udeb": "1.0.1f-1ubuntu2.19", "libssl1.0.0-dbgsym": "1.0.1f-1ubuntu2.19", "libcrypto1.0.0-udeb": "1.0.1f-1ubuntu2.19" } ] }
{ "availability": "No subscription required", "binaries": [ { "libssl1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.1", "libssl-dev": "1.0.2g-1ubuntu4.1", "libssl1.0.0": "1.0.2g-1ubuntu4.1", "libssl-doc": "1.0.2g-1ubuntu4.1", "libcrypto1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.1", "libssl1.0.0-dbg": "1.0.2g-1ubuntu4.1", "libssl-dev-dbgsym": "1.0.2g-1ubuntu4.1", "openssl": "1.0.2g-1ubuntu4.1", "openssl-dbgsym": "1.0.2g-1ubuntu4.1", "libssl1.0.0-udeb": "1.0.2g-1ubuntu4.1", "libssl1.0.0-dbgsym": "1.0.2g-1ubuntu4.1", "libcrypto1.0.0-udeb": "1.0.2g-1ubuntu4.1" } ] }