Wind River Support Network

HomeDefectsLIN6-10954
Fixed

LIN6-10954 : Security Advisory - OpenSSL - CVE-2016-0705

Created: Feb 28, 2016    Updated: Dec 3, 2018
Resolved Date: Mar 4, 2016
Found In Version: 6.0
Fix Version: 6.0.0.29
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

Double-free in DSA code (CVE-2016-0705)
=======================================

Severity: Low

A double free bug was discovered when OpenSSL parses malformed DSA private keys
and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources.  This scenario is considered
rare.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

This issue was reported to OpenSSL on February 7th 2016 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr Stephen Henson
of OpenSSL.

Security Notices


Other Downloads


Live chat
Online