Wind River Support Network

Fixed

LIN8-2886 : Security Advisory - OpenSSL - CVE-2016-0705

Created: Feb 26, 2016    Updated: Dec 3, 2018
Resolved Date: Mar 3, 2016
Found In Version: 8.0
Fix Version: 8.0.0.3
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

Double-free in DSA code (CVE-2016-0705)
=======================================

Severity: Low

A double-free bug was discovered in the way OpenSSL parses malformed DSA private
keys. It could lead to a DoS attack or memory corruption in applications that
receive DSA private keys from untrusted sources.  This scenario is considered
rare.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

This issue was reported to OpenSSL on February 7th 2016 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr Stephen Henson
of OpenSSL.
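
To triage an inventory against the fixed releases named above, the following added example (not part of the advisory or of OpenSSL) classifies `openssl version` output by branch and patch letter. It assumes upstream-style version strings; a distribution build that backports the patch may still report an older letter, and the host names in the sample are constructed.

```python
import re

# Fixed release letter per affected branch, as stated in the advisory.
FIXED_LETTER = {"1.0.1": "s", "1.0.2": "g"}

# Upstream-style version: three numeric fields plus optional patch letters,
# e.g. "1.0.1k" in "OpenSSL 1.0.1k-fips 8 Jan 2015".
VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def letter_key(letters):
    """Order patch letters: "" < "a" < ... < "z" < "za" < "zb"."""
    return (len(letters), letters)


def classify(version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    match = VERSION_RE.search(version_text)
    if match is None:
        return "unparsed"
    branch, letters = match.groups()
    if branch not in FIXED_LETTER:
        return "not-listed"  # the advisory names only 1.0.1 and 1.0.2
    if letter_key(letters) >= letter_key(FIXED_LETTER[branch]):
        return "fixed"
    return "affected"  # includes base and pre-release builds of the branch


def triage(inventory):
    """Map each host to its classification, given host -> version output."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE = {
    "build-01": "OpenSSL 1.0.1k-fips 8 Jan 2015",
    "edge-02": "OpenSSL 1.0.2g  1 Mar 2016",
    "lab-03": "OpenSSL 1.0.2-beta3 25 Sep 2014",
    "web-04": "OpenSSL 1.1.0 25 Aug 2016",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Treat an "affected" result as a prompt to check the vendor package changelog for the CVE before scheduling the upgrade.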
