ALT-PU-2016-1757-1
Closed vulnerabilities
Published: 2016-05-15
BDU:2016-01428
Уязвимость браузерного движка V8 и браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: CRITICAL (9.3)
References:
Published: 2016-05-04
BDU:2020-02960
Уязвимость функции EVP_EncodeUpdate (crypto/evp/encode.c) библиотеки OpenSSL, связанная с ошибкой при обработке числа, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2016-05-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-1669
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
- http://googlechromereleases.blogspot.com/2016/05/stable-channel-update.html
- openSUSE-SU-2016:1304
- openSUSE-SU-2016:1304
- openSUSE-SU-2016:1319
- openSUSE-SU-2016:1319
- openSUSE-SU-2016:1655
- openSUSE-SU-2016:1655
- openSUSE-SU-2016:1834
- openSUSE-SU-2016:1834
- RHSA-2016:1080
- RHSA-2016:1080
- RHSA-2017:0002
- RHSA-2017:0002
- DSA-3590
- DSA-3590
- 90584
- 90584
- 1035872
- 1035872
- USN-2960-1
- USN-2960-1
- RHSA-2017:0879
- RHSA-2017:0879
- RHSA-2017:0880
- RHSA-2017:0880
- RHSA-2017:0881
- RHSA-2017:0881
- RHSA-2017:0882
- RHSA-2017:0882
- RHSA-2018:0336
- RHSA-2018:0336
- https://codereview.chromium.org/1945313002
- https://codereview.chromium.org/1945313002
- https://crbug.com/606115
- https://crbug.com/606115
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541
- FEDORA-2016-6fd3131c03
- FEDORA-2016-6fd3131c03
- FEDORA-2016-e720bc8451
- FEDORA-2016-e720bc8451
- GLSA-201605-02
- GLSA-201605-02
Published: 2016-05-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-2105
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- APPLE-SA-2016-07-18-1
- APPLE-SA-2016-07-18-1
- FEDORA-2016-05c567df1a
- FEDORA-2016-05c567df1a
- FEDORA-2016-1411324654
- FEDORA-2016-1411324654
- FEDORA-2016-1e39d934ed
- FEDORA-2016-1e39d934ed
- SUSE-SU-2016:1206
- SUSE-SU-2016:1206
- SUSE-SU-2016:1228
- SUSE-SU-2016:1228
- SUSE-SU-2016:1231
- SUSE-SU-2016:1231
- SUSE-SU-2016:1233
- SUSE-SU-2016:1233
- openSUSE-SU-2016:1237
- openSUSE-SU-2016:1237
- openSUSE-SU-2016:1238
- openSUSE-SU-2016:1238
- openSUSE-SU-2016:1239
- openSUSE-SU-2016:1239
- openSUSE-SU-2016:1240
- openSUSE-SU-2016:1240
- openSUSE-SU-2016:1241
- openSUSE-SU-2016:1241
- openSUSE-SU-2016:1242
- openSUSE-SU-2016:1242
- openSUSE-SU-2016:1243
- openSUSE-SU-2016:1243
- SUSE-SU-2016:1267
- SUSE-SU-2016:1267
- openSUSE-SU-2016:1273
- openSUSE-SU-2016:1273
- SUSE-SU-2016:1290
- SUSE-SU-2016:1290
- SUSE-SU-2016:1360
- SUSE-SU-2016:1360
- openSUSE-SU-2016:1566
- openSUSE-SU-2016:1566
- http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
- http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
- RHSA-2016:0722
- RHSA-2016:0722
- RHSA-2016:0996
- RHSA-2016:0996
- RHSA-2016:1648
- RHSA-2016:1648
- RHSA-2016:1649
- RHSA-2016:1649
- RHSA-2016:1650
- RHSA-2016:1650
- RHSA-2016:2056
- RHSA-2016:2056
- RHSA-2016:2073
- RHSA-2016:2073
- RHSA-2016:2957
- RHSA-2016:2957
- 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
- 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
- DSA-3566
- DSA-3566
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 89757
- 89757
- 91787
- 91787
- 1035721
- 1035721
- SSA:2016-124-01
- SSA:2016-124-01
- USN-2959-1
- USN-2959-1
- https://bto.bluecoat.com/security-advisory/sa123
- https://bto.bluecoat.com/security-advisory/sa123
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=5b814481f3573fa9677f3a31ee51322e2a22ee6a
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://kc.mcafee.com/corporate/index?page=content&id=SB10160
- https://kc.mcafee.com/corporate/index?page=content&id=SB10160
- GLSA-201612-16
- GLSA-201612-16
- https://security.netapp.com/advisory/ntap-20160504-0001/
- https://security.netapp.com/advisory/ntap-20160504-0001/
- https://source.android.com/security/bulletin/pixel/2017-11-01
- https://source.android.com/security/bulletin/pixel/2017-11-01
- https://support.apple.com/HT206903
- https://support.apple.com/HT206903
- FreeBSD-SA-16:17
- FreeBSD-SA-16:17
- https://www.openssl.org/news/secadv/20160503.txt
- https://www.openssl.org/news/secadv/20160503.txt
- https://www.tenable.com/security/tns-2016-18
- https://www.tenable.com/security/tns-2016-18
Published: 2016-05-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
Severity: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- APPLE-SA-2016-07-18-1
- APPLE-SA-2016-07-18-1
- FEDORA-2016-05c567df1a
- FEDORA-2016-05c567df1a
- FEDORA-2016-1411324654
- FEDORA-2016-1411324654
- FEDORA-2016-1e39d934ed
- FEDORA-2016-1e39d934ed
- SUSE-SU-2016:1206
- SUSE-SU-2016:1206
- SUSE-SU-2016:1228
- SUSE-SU-2016:1228
- SUSE-SU-2016:1233
- SUSE-SU-2016:1233
- openSUSE-SU-2016:1237
- openSUSE-SU-2016:1237
- openSUSE-SU-2016:1238
- openSUSE-SU-2016:1238
- openSUSE-SU-2016:1240
- openSUSE-SU-2016:1240
- openSUSE-SU-2016:1243
- openSUSE-SU-2016:1243
- openSUSE-SU-2016:1566
- openSUSE-SU-2016:1566
- http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
- http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
- RHSA-2016:0722
- RHSA-2016:0722
- RHSA-2016:0996
- RHSA-2016:0996
- RHSA-2016:2073
- RHSA-2016:2073
- RHSA-2016:2957
- RHSA-2016:2957
- http://source.android.com/security/bulletin/2016-07-01.html
- http://source.android.com/security/bulletin/2016-07-01.html
- http://support.citrix.com/article/CTX212736
- http://support.citrix.com/article/CTX212736
- 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
- 20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
- http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
- http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
- DSA-3566
- DSA-3566
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- 89760
- 89760
- 91787
- 91787
- 1035721
- 1035721
- SSA:2016-124-01
- SSA:2016-124-01
- USN-2959-1
- USN-2959-1
- https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
- https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
- https://bto.bluecoat.com/security-advisory/sa123
- https://bto.bluecoat.com/security-advisory/sa123
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=68595c0c2886e7942a14f98c17a55a88afb6c292
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
- https://kc.mcafee.com/corporate/index?page=content&id=SB10160
- https://kc.mcafee.com/corporate/index?page=content&id=SB10160
- GLSA-201612-16
- GLSA-201612-16
- https://security.netapp.com/advisory/ntap-20160504-0001/
- https://security.netapp.com/advisory/ntap-20160504-0001/
- https://support.apple.com/HT206903
- https://support.apple.com/HT206903
- 39768
- 39768
- FreeBSD-SA-16:17
- FreeBSD-SA-16:17
- https://www.openssl.org/news/secadv/20160503.txt
- https://www.openssl.org/news/secadv/20160503.txt
- https://www.tenable.com/security/tns-2016-18
- https://www.tenable.com/security/tns-2016-18