{"id":"MGASA-2016-0338","summary":"Updated openssl packages fix security vulnerabilities","details":"Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic\n(CVE-2016-2177).\n\nCesar Pereida, Billy Brumley and Yuval Yarom discovered a timing leak in the\nDSA code (CVE-2016-2178).\n\nQuan Luo and the OCAP audit team discovered denial of service vulnerabilities\nin DTLS (CVE-2016-2179, CVE-2016-2181).\n\nShi Lei discovered an out-of-bounds memory read in TS_OBJ_print_bio() and an\nout-of-bounds write in BN_bn2dec() and MDC2_Update() (CVE-2016-2180,\nCVE-2016-2182, CVE-2016-6303).\n\nDES-based cipher suites are demoted from the HIGH group to MEDIUM as a\nmitigation for the SWEET32 attack (CVE-2016-2183).\n\nShi Lei discovered that the use of SHA512 in TLS session tickets is\nsusceptible to denial of service (CVE-2016-6302).\n\nShi Lei discovered that excessively large OCSP status request may result in\ndenial of service via memory exhaustion (CVE-2016-6304).\n\nShi Lei discovered that missing message length validation when parsing\ncertificates may potentially result in denial of service (CVE-2016-6306).\n","modified":"2026-04-16T06:25:44.685763606Z","published":"2016-10-11T22:12:20Z","upstream":["CVE-2016-2177","CVE-2016-2178","CVE-2016-2179","CVE-2016-2180","CVE-2016-2181","CVE-2016-2182","CVE-2016-2183","CVE-2016-6302","CVE-2016-6303","CVE-2016-6304","CVE-2016-6306"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0338.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19446"},{"type":"WEB","url":"https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/"},{"type":"WEB","url":"https://www.debian.org/security/2016/dsa-3673"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2j-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0338.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}