{ "threat_severity" : "Low", "public_date" : "2016-02-18T00:00:00Z", "bugzilla" : { "description" : "OpenSSL: Double-free in DSA code", "id" : "1310596", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1310596" }, "cvss" : { "cvss_base_score" : "2.6", "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status" : "verified" }, "details" : [ "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.", "A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash." ], "acknowledgement" : "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2016-03-01T00:00:00Z", "advisory" : "RHSA-2016:0301", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "openssl-0:1.0.1e-42.el6_7.4" }, { "product_name" : "Red Hat Enterprise Linux 6 Supplementary", "release_date" : "2018-08-28T00:00:00Z", "advisory" : "RHSA-2018:2575", "cpe" : "cpe:/a:redhat:rhel_extras:6", "package" : "java-1.8.0-ibm-1:1.8.0.5.20-1jpp.1.el6_10" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2016-03-01T00:00:00Z", "advisory" : "RHSA-2016:0301", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "openssl-1:1.0.1e-51.el7_2.4" }, { "product_name" : "Red Hat Enterprise Linux 7 Supplementary", "release_date" : "2018-08-27T00:00:00Z", "advisory" : "RHSA-2018:2568", "cpe" : "cpe:/a:redhat:rhel_extras:7", "package" : "java-1.8.0-ibm-1:1.8.0.5.20-1jpp.1.el7" }, { "product_name" : "Red Hat Satellite 5.8", "release_date" : "2018-09-17T00:00:00Z", "advisory" : "RHSA-2018:2713", "cpe" : "cpe:/a:redhat:network_satellite:5.8::el6", "package" : "java-1.8.0-ibm-1:1.8.0.5.20-1jpp.1.el6_10" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date" : "2016-03-09T00:00:00Z", "advisory" : "RHSA-2016:0379", "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor", "package" : "rhev-hypervisor7-0:7.2-20160302.1.el6ev" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-7", "release_date" : "2016-03-09T00:00:00Z", "advisory" : "RHSA-2016:0379", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "rhev-hypervisor7-0:7.2-20160302.1.el7ev" }, { "product_name" : "Text-Only JBCS", "release_date" : "2016-12-15T00:00:00Z", "advisory" : "RHSA-2016:2957", "cpe" : "cpe:/a:redhat:jboss_core_services:1" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "openssl097a", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "openssl098e", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "openssl098e", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 6.7", "fix_state" : "Affected", "package_name" : "guest-images", "cpe" : "cpe:/o:redhat:rhel_eus:6.7" }, { "product_name" : "Red Hat Enterprise Linux Extended Update Support 7.2", "fix_state" : "Affected", "package_name" : "rhel-guest-image", "cpe" : "cpe:/o:redhat:rhel_eus:7.2" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 2", "fix_state" : "Not affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 3", "fix_state" : "Affected", "package_name" : "openssl", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-0705\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0705" ], "name" : "CVE-2016-0705", "csaw" : false }