[El-errata] New openssl updates available via Ksplice (ELSA-2016-0722)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon May 9 09:51:59 PDT 2016


Synopsis: ELSA-2016-0722 can now be patched using Ksplice
CVEs: CVE-2016-0799 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2842

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2016-0722.

INSTALLING THE UPDATES

We recommend that all users of Ksplice on OL 7 install these updates.

You can install these updates by running:

# ksplice -y user upgrade

32-bit applications should be restarted after upgrading the on-disk
openssl RPMs, and statically linked applications using openssl should
be rebuilt to include these fixes.
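
One way to find the 32-bit processes that still need the restart described
above. This is an added example, not part of the Oracle announcement or of
Ksplice. The function names and the sample maps lines are constructed for
illustration, and statically linked binaries are not detected by this check.

```shell
#!/bin/sh
# Added example: find 32-bit processes still mapping a replaced OpenSSL library.

# Constructed sample in /proc/<pid>/maps format (not taken from a real host).
SAMPLE_MAPS='f7500000-f76b0000 r-xp 00000000 fd:00 1311 /usr/lib/libcrypto.so.10 (deleted)
f76b0000-f76c0000 r--p 001b0000 fd:00 1311 /usr/lib/libcrypto.so.10 (deleted)
f7700000-f7760000 r-xp 00000000 fd:00 1312 /usr/lib/libssl.so.10 (deleted)
f7800000-f79b0000 r-xp 00000000 fd:00 1400 /usr/lib/libc-2.17.so
f7a00000-f7a10000 r-xp 00000000 fd:00 1500 /usr/lib/libz.so.1 (deleted)'

# Print 32 or 64 from the EI_CLASS byte (offset 4) of an ELF file; the ELF
# magic itself is not checked, so only pass it executables.
elf_bits() {
    class=$(dd if="$1" bs=1 skip=4 count=1 2>/dev/null | od -An -tu1 | tr -d ' \n')
    case "$class" in
        1) echo 32 ;;
        2) echo 64 ;;
        *) return 1 ;;
    esac
}

# Read maps-format lines on stdin; print each distinct libssl/libcrypto path
# whose on-disk file was replaced, which the kernel marks "(deleted)".
stale_openssl_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' |
        sort -u
}

# Walk /proc and print "pid<TAB>command<TAB>libraries" for 32-bit processes
# that still have the pre-upgrade library mapped. Run as root to see all PIDs.
scan_procs() {
    for dir in /proc/[0-9]*; do
        libs=$(stale_openssl_libs 2>/dev/null < "$dir/maps") || continue
        [ -n "$libs" ] || continue
        [ "$(elf_bits "$dir/exe" 2>/dev/null)" = 32 ] || continue
        printf '%s\t%s\t%s\n' "${dir#/proc/}" "$(cat "$dir/comm" 2>/dev/null)" \
            "$(printf '%s ' $libs)"
    done
}

if [ "${1:-}" = "--scan" ]; then
    scan_procs
else
    printf '%s\n' "$SAMPLE_MAPS" | stale_openssl_libs   # demo on the sample
fi
```

Run it with --scan after the RPM upgrade; each process listed is a 32-bit
process still using the old library and is a candidate for a restart.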


DESCRIPTION

* CVE-2016-0799, CVE-2016-2842: Arbitrary code execution in I/O printing.

A number of flaws in the OpenSSL BIO printing functions could result in
out-of-bounds memory reads and writes.  An attacker could use these flaws
to crash the application under specific conditions or, potentially, gain
code execution.


* CVE-2016-2105: Arbitrary code execution in OpenSSL envelope encoding.

An integer overflow in the envelope encoding functions could result in
heap corruption under specific conditions.  An attacker who could
trigger these function calls with large amounts of malicious data could
use the flaw to crash the application or, potentially, gain code
execution.


* CVE-2016-2106: Arbitrary code execution in OpenSSL envelope encryption.

An integer overflow in the envelope encryption functions could result in
heap corruption under specific conditions.  An attacker who could
trigger these function calls with large amounts of malicious data could
use the flaw to crash the application or, potentially, gain code
execution.


* CVE-2016-2107: Timing side-channel attack in AES-CBC with AES-NI.

A system with AES-NI instructions could leak timing information,
allowing a remote user to retrieve plain text from encrypted packets by
using a TLS/SSL or DTLS server as a padding oracle.


* CVE-2016-2108: Remote code execution in OpenSSL ASN.1 parsing.

A flaw in the OpenSSL ASN.1 parser could allow a remote attacker to
crash the system or, potentially, gain code execution with a maliciously
crafted certificate.


* CVE-2016-2109: Denial-of-service in OpenSSL ASN.1 BIO input.

Invalid ASN.1 encodings could result in the ASN.1 parser allocating
excessive memory.  A malicious user could use this flaw to exhaust the
memory available to the process, leading to a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




