Wind River Support Network

HomeDefectsLIN6-11166

Fixed

LIN6-11166 : Security Advisory - OpenSSL - CVE-2016-2176

Created: May 3, 2016 Updated: Dec 3, 2018

Resolved Date: May 4, 2016

Previous ID: SCP6-709

Found In Version: 6.0.0.29

Fix Version: 6.0.0.30

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

EBCDIC overread (CVE-2016-2176)
===============================

Severity: Low

ASN1 Strings that are over 1024 bytes can cause an overread in applications
using the X509_NAME_oneline() function on EBCDIC systems. This could result in
arbitrary stack data being returned in the buffer.

This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The
fix was developed by Matt Caswell of the OpenSSL development team.

Other Downloads

Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38