Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 585142 (CVE-2016-2177) - <dev-libs/openssl-1.0.2h-r2: Possible integer overflow vulnerabilities in codebase (CVE-2016-2177)
Summary: <dev-libs/openssl-1.0.2h-r2: Possible integer overflow vulnerabilities in cod...
Status: RESOLVED FIXED
Alias: CVE-2016-2177
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A2 [glsa cve]
Keywords:
Depends on: CVE-2016-2178
Blocks:
  Show dependency tree
 
Reported: 2016-06-06 07:27 UTC by Agostino Sarubbo
Modified: 2016-12-07 10:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-06-06 07:27:34 UTC
From ${URL} :

A common idiom in the codebase is:

if (p + len > limit)
{
	return; /* Too long */
}

where p points to some malloc'd data of SIZE bytes and limit == p + SIZE. 'len' could be from some 
externally supplied data, e.g. TLS message. This idiom is vulnerable to integer overflow 
vulnerability.

Upstream commit: 6f35f6deb5ca7daebe289f86477e061ce3ee5f46


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2016-06-20 09:09:33 UTC
CVE-2016-2177 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2177):
  OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer
  boundary checks, which might allow remote attackers to cause a denial of
  service (integer overflow and application crash) or possibly have
  unspecified other impact by leveraging unexpected malloc behavior, related
  to s3_srvr.c, ssl_sess.c, and t1_lib.c.
Comment 2 Patrick McLean gentoo-dev 2016-06-25 02:20:50 UTC
Fixed in openssl-1.0.2h-r2

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4bfc10ce01e37a79da48f2f8349200c7eca78ed
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2016-12-07 10:27:25 UTC
This issue was resolved and addressed in
 GLSA 201612-16 at https://security.gentoo.org/glsa/201612-16
by GLSA coordinator Aaron Bauman (b-man).