Wind River Support Network


LIN7-5725 : Security Advisory - OpenSSL - CVE-2016-0705

Created: Feb 28, 2016    Updated: Sep 8, 2018
Resolved Date: Mar 3, 2016
Found In Version: 7.0
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace


Double-free in DSA code (CVE-2016-0705)

Severity: Low

A double free bug was discovered when OpenSSL parses malformed DSA private keys
and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources.  This scenario is considered

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

This issue was reported to OpenSSL on February 7th 2016 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr Stephen Henson
of OpenSSL.

Security Notices

Other Downloads


Live chat