Wind River Support Network

Fixed

LIN5-21234 : Security Advisory - OpenSSL - CVE-2016-0705

Created: Feb 28, 2016    Updated: May 29, 2018
Resolved Date: Mar 6, 2016
Found In Version: 5.0.1
Fix Version: 5.0.1.36
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

Wind River Linux 5 has both a 1.0.0 and 1.0.1 version of OpenSSL.  The default is 1.0.0.  Only the 1.0.1 version is vulnerable to this issue.

Double-free in DSA code (CVE-2016-0705)
=======================================

Severity: Low

A double free bug was discovered when OpenSSL parses malformed DSA private keys
and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources.  This scenario is considered
rare.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

This issue was reported to OpenSSL on February 7th 2016 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr Stephen Henson
of OpenSSL.
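
An added example (not part of the Wind River or OpenSSL advisory text): a Python check that classifies an `openssl version` banner against the affected branches and fixed releases listed above. The function names and sample banners are constructed for illustration, and the result reflects only the upstream version string, so a vendor build that carries a backported fix under an older version string is still reported as affected.

```python
import re

# Fixed releases per affected branch, as listed in the advisory text.
FIXED_LETTER = {"1.0.1": "s", "1.0.2": "g"}

# Matches the "1.0.1e" part of a banner such as "OpenSSL 1.0.1e-fips".
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return (branch, patch_letter) from an `openssl version` banner."""
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {banner!r}")
    return match.group(1), match.group(2)


def _letter_rank(letter):
    # Patch letters order as "" < "a" < ... < "z" < "za" < "zb" ...,
    # so compare by length first and alphabetically second.
    return (len(letter), letter)


def affected_by_cve_2016_0705(banner):
    """True if the banner is on an affected branch and older than its fix."""
    branch, letter = parse_openssl_version(banner)
    fixed = FIXED_LETTER.get(branch)
    if fixed is None:
        return False  # branch not named as affected in the advisory
    return _letter_rank(letter) < _letter_rank(fixed)


# Constructed sample banners (illustration only, not captured output).
SAMPLES = [
    "OpenSSL 1.0.0t",
    "OpenSSL 1.0.1e-fips",
    "OpenSSL 1.0.1r",
    "OpenSSL 1.0.1s",
    "OpenSSL 1.0.2f",
    "OpenSSL 1.0.2g",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        state = "AFFECTED" if affected_by_cve_2016_0705(banner) else "not affected"
        print(f"{banner:24} {state}")
```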
