CVE-2016-6305

Related Files

Gentoo Linux Security Advisory 201612-16

Posted Dec 7, 2016

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-16 - Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Versions less than 1.0.2j are affected.

tags | advisory, vulnerability

systems | linux, gentoo

advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2183, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-7052

SHA-256 | 267f0c13083d309d4f011bd2771d90788d5f04ad963b99fcd180d27463f73d7a

Download | Favorite | View

OpenSSL Security Advisory 20160922

Posted Sep 22, 2016

Site openssl.org

OpenSSL Security Advisory 20160922 - A malicious client can send an excessively large OCSP Status Request extension. If that client continually requests renegotiation, sending a large OCSP Status Request extension each time, then there will be unbounded memory growth on the server. This will eventually lead to a Denial Of Service attack through memory exhaustion. Servers with a default configuration are vulnerable even if they do not support OCSP. Builds using the "no-ocsp" build time option are not affected. Other issues were also addressed.

tags | advisory, denial of service

advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308

SHA-256 | a53149075294f036c481adb55b177d02ac0016e0b66f800b8c0c0007205c8169

Download | Favorite | View