{"id":"MGASA-2016-0169","summary":"Updated openssl packages fix security vulnerability","details":"An overflow can occur in the EVP_EncodeUpdate() function which is used for\nBase64 encoding of binary data. If an attacker is able to supply very\nlarge amounts of input data then a length check can overflow resulting in\na heap corruption (CVE-2016-2105).\n\nAn overflow can occur in the EVP_EncryptUpdate() function. If an attacker\nis able to supply very large amounts of input data after a previous call\nto EVP_EncryptUpdate() with a partial block then a length check can\noverflow resulting in a heap corruption (CVE-2016-2106).\n\nA MITM attacker can use a padding oracle attack to decrypt traffic when\nthe connection uses an AES CBC cipher and the server support AES-NI\n(CVE-2016-2107).\n\nWhen ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()\na short invalid encoding can casuse allocation of large amounts of memory\npotentially consuming excessive resources or exhausting memory\n(CVE-2016-2109)\n","modified":"2026-04-16T06:25:52.882684518Z","published":"2016-05-07T21:22:48Z","upstream":["CVE-2016-2105","CVE-2016-2106","CVE-2016-2107","CVE-2016-2109"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0169.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18341"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20160503.txt"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2h-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0169.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}