2015-12-19
ALT-BU-2015-2808-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2015-06-12
BDU:2015-11035
Уязвимость функции BN_GF2m_mod_inv библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)
References:
Published: 2015-12-06
BDU:2016-01653
Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.0)
References:
Published: 2015-12-06
BDU:2016-01654
Уязвимость реализации ASN1_TFLG_COMBINE библиотеки OpenSSL, позволяющая нарушителю получить защищаемую информацию из памяти процесса
Severity: MEDIUM (5.0)
References:
Published: 2015-12-06
BDU:2016-01655
Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)
References:
Published: 2015-06-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
Severity: MEDIUM (4.3)
References:
- http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
- http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- NetBSD-SA2015-008
- NetBSD-SA2015-008
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
- APPLE-SA-2015-08-13-2
- APPLE-SA-2015-08-13-2
- openSUSE-SU-2015:1139
- openSUSE-SU-2015:1139
- SUSE-SU-2015:1143
- SUSE-SU-2015:1143
- SUSE-SU-2015:1150
- SUSE-SU-2015:1150
- SUSE-SU-2015:1181
- SUSE-SU-2015:1181
- SUSE-SU-2015:1182
- SUSE-SU-2015:1182
- SUSE-SU-2015:1184
- SUSE-SU-2015:1184
- SUSE-SU-2015:1185
- SUSE-SU-2015:1185
- openSUSE-SU-2015:1277
- openSUSE-SU-2015:1277
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- HPSBUX03388
- HPSBUX03388
- SSRT102180
- SSRT102180
- HPSBMU03409
- HPSBMU03409
- 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
- 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
- DSA-3287
- DSA-3287
- http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
- http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015
- http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- 75158
- 75158
- 91787
- 91787
- 1032564
- 1032564
- USN-2639-1
- USN-2639-1
- http://www-304.ibm.com/support/docview.wss?uid=swg21960041
- http://www-304.ibm.com/support/docview.wss?uid=swg21960041
- https://bto.bluecoat.com/security-advisory/sa98
- https://bto.bluecoat.com/security-advisory/sa98
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932
- https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
- https://kc.mcafee.com/corporate/index?page=content&id=SB10122
- https://kc.mcafee.com/corporate/index?page=content&id=SB10122
- https://openssl.org/news/secadv/20150611.txt
- https://openssl.org/news/secadv/20150611.txt
- GLSA-201506-02
- GLSA-201506-02
- https://support.apple.com/kb/HT205031
- https://support.apple.com/kb/HT205031
- https://support.citrix.com/article/CTX216642
- https://support.citrix.com/article/CTX216642
- https://www.openssl.org/news/secadv_20150611.txt
- https://www.openssl.org/news/secadv_20150611.txt
Published: 2015-12-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-3194
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- FEDORA-2015-d87d60b9a9
- FEDORA-2015-d87d60b9a9
- openSUSE-SU-2016:0637
- openSUSE-SU-2016:0637
- openSUSE-SU-2016:1332
- openSUSE-SU-2016:1332
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2289
- openSUSE-SU-2015:2289
- openSUSE-SU-2015:2318
- openSUSE-SU-2015:2318
- HPSBGN03536
- HPSBGN03536
- http://openssl.org/news/secadv/20151203.txt
- http://openssl.org/news/secadv/20151203.txt
- RHSA-2015:2617
- RHSA-2015:2617
- RHSA-2016:2957
- RHSA-2016:2957
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- DSA-3413
- DSA-3413
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 78623
- 78623
- 91787
- 91787
- 1034294
- 1034294
- SSA:2015-349-04
- SSA:2015-349-04
- USN-2830-1
- USN-2830-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1288320
- https://bugzilla.redhat.com/show_bug.cgi?id=1288320
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=c394a488942387246653833359a5c94b5832674e
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=d8541d7e9e63bf5f343af24644046c8d96498c17
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
Published: 2015-12-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-3195
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- APPLE-SA-2016-03-21-5
- APPLE-SA-2016-03-21-5
- FEDORA-2015-d87d60b9a9
- FEDORA-2015-d87d60b9a9
- openSUSE-SU-2016:0637
- openSUSE-SU-2016:0637
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- SUSE-SU-2016:0678
- SUSE-SU-2016:0678
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2289
- openSUSE-SU-2015:2289
- openSUSE-SU-2015:2318
- openSUSE-SU-2015:2318
- openSUSE-SU-2015:2349
- openSUSE-SU-2015:2349
- HPSBGN03536
- HPSBGN03536
- http://openssl.org/news/secadv/20151203.txt
- http://openssl.org/news/secadv/20151203.txt
- RHSA-2015:2616
- RHSA-2015:2616
- RHSA-2015:2617
- RHSA-2015:2617
- RHSA-2016:2056
- RHSA-2016:2056
- RHSA-2016:2957
- RHSA-2016:2957
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- DSA-3413
- DSA-3413
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 78626
- 78626
- 91787
- 91787
- 1034294
- 1034294
- SSA:2015-349-04
- SSA:2015-349-04
- USN-2830-1
- USN-2830-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- https://support.apple.com/HT206167
- https://support.apple.com/HT206167
Published: 2015-12-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
Severity: MEDIUM (4.3)
References:
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- FEDORA-2015-d87d60b9a9
- FEDORA-2015-d87d60b9a9
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2289
- openSUSE-SU-2015:2289
- HPSBGN03536
- HPSBGN03536
- http://openssl.org/news/secadv/20151203.txt
- http://openssl.org/news/secadv/20151203.txt
- RHSA-2015:2617
- RHSA-2015:2617
- RHSA-2016:2957
- RHSA-2016:2957
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- DSA-3413
- DSA-3413
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 78622
- 78622
- 1034294
- 1034294
- SSA:2015-349-04
- SSA:2015-349-04
- USN-2830-1
- USN-2830-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100