Main Vulnerability Database SB2016092235

SB2016092235 - Denial of service in openssl (Alpine package)

Published: September 22, 2016

Security Bulletin ID SB2016092235

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Denial of service (CVE-ID: CVE-2016-6305)

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the vulnerable system.
The weakness is due to flaw in handling of SSL/TLS protocol during a call to SSL_peek(). By sending an empty record attackers can trigger the affected service hang or deny.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=3e8e66af8eb57c1dc45545c6ad7ad09d2ad1bc8c
https://git.alpinelinux.org/aports/commit/?id=3a3ffbd8e2b0a4b3e1b8fcf62f913a691bb4dae4