FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2016-0705

This CVE name corresponds to:

Entered Topic
2016-08-11 FreeBSD -- Multiple OpenSSL vulnerabilities
2016-04-30 MySQL -- multiple vulnerabilities
2016-03-14 node -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2016-0705 at cve.mitre.org

Details

Type Candidate
Name CVE-2016-0705
Phase Assigned(20151216)

Description

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

References

Source Reference
CONFIRM http://openssl.org/news/secadv/20160301.txt
CONFIRM https://git.openssl.org/?p=openssl.git;a=commit;h=6c88c71b4e4825c7bc0489306d062d017634eb88
CONFIRM https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
CONFIRM http://source.android.com/security/bulletin/2016-05-01.html
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
SUSE openSUSE-SU-2016:1566
BID 91787

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.