Bug 968047 (CVE-2016-0705) - VUL-0: CVE-2016-0705: openssl: Double-free in DSA code
Status: RESOLVED FIXED
Alias: CVE-2016-0705
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: maint:running:62484:important CVSSv...
Blocks: 968044
Reported: 2016-02-24 13:35 UTC by Alexander Bergmann
Modified: 2022-02-16 21:22 UTC (History)
Comment 3 Marcus Meissner 2016-02-25 14:00:12 UTC
QA:

We have not received a reproducer for this, I think.
Comment 10 Marcus Meissner 2016-02-29 15:08:27 UTC
Upstream already has it in public git:


commit ccb2a614074ee15c0fbbb9dd49e3cd258d68380a
Author: Dr. Stephen Henson <steve@openssl.org>
Date:   Thu Feb 18 12:47:23 2016 +0000

    Fix double free in DSA private key parsing.
    
    Fix double free bug when parsing malformed DSA private keys.
    
    Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
    libFuzzer.
    
    CVE-2016-0705
    
    Reviewed-by: Emilia Käsper <emilia@openssl.org>
    (cherry picked from commit 6c88c71b4e4825c7bc0489306d062d017634eb88)
Comment 11 Marcus Meissner 2016-02-29 15:11:29 UTC
This problem does not seem to affect openssl 0.9.8j; the problematic code does not seem to be present.
Comment 12 Marcus Meissner 2016-03-01 13:39:05 UTC
was already public
Comment 13 Marcus Meissner 2016-03-01 14:23:48 UTC
Double-free in DSA code (CVE-2016-0705)
=======================================

Severity: Low

A double free bug was discovered when OpenSSL parses malformed DSA private keys
and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources.  This scenario is considered
rare.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s

This issue was reported to OpenSSL on February 7th 2016 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr Stephen Henson
of OpenSSL.
Comment 14 Bernhard Wiedemann 2016-03-01 15:00:35 UTC
This is an autogenerated message for OBS integration:
This bug (968047) was mentioned in
https://build.opensuse.org/request/show/363587 13.2 / openssl
Comment 15 Vítězslav Čížek 2016-03-01 16:48:33 UTC
Packages are submitted.
Reassigning to security team.
Comment 16 Swamp Workflow Management 2016-03-01 17:13:17 UTC
SUSE-SU-2016:0617-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 952871,958501,963415,968046,968047,968048,968050,968051,968053,968265,968374
CVE References: CVE-2015-3197,CVE-2016-0702,CVE-2016-0703,CVE-2016-0704,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    openssl-1.0.1i-27.13.1
SUSE Linux Enterprise Server 12 (src):    openssl-1.0.1i-27.13.1
SUSE Linux Enterprise Desktop 12 (src):    openssl-1.0.1i-27.13.1
Comment 17 Swamp Workflow Management 2016-03-01 17:17:12 UTC
SUSE-SU-2016:0620-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 958501,963415,968046,968047,968048,968050,968051,968053,968265,968374
CVE References: CVE-2015-3197,CVE-2016-0702,CVE-2016-0703,CVE-2016-0704,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    openssl-1.0.1i-44.1
SUSE Linux Enterprise Server 12-SP1 (src):    openssl-1.0.1i-44.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    openssl-1.0.1i-44.1
Comment 18 Swamp Workflow Management 2016-03-01 17:20:04 UTC
SUSE-SU-2016:0621-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 952871,963415,968046,968047,968048,968050,968051,968053,968265,968374
CVE References: CVE-2015-3197,CVE-2016-0702,CVE-2016-0703,CVE-2016-0704,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssl1-1.0.1g-0.40.1
Comment 19 Swamp Workflow Management 2016-03-01 18:13:07 UTC
SUSE-SU-2016:0624-1: An update that solves 7 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 952871,963415,967787,968046,968047,968048,968051,968053,968374
CVE References: CVE-2015-3197,CVE-2016-0702,CVE-2016-0703,CVE-2016-0705,CVE-2016-0797,CVE-2016-0799,CVE-2016-0800
Sources used:
SUSE Studio Onsite 1.3 (src):    openssl-0.9.8j-0.89.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    openssl-0.9.8j-0.89.1
SUSE Linux Enterprise Server 11-SP4 (src):    openssl-0.9.8j-0.89.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    openssl-0.9.8j-0.89.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    openssl-0.9.8j-0.89.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    openssl-0.9.8j-0.89.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssl-0.9.8j-0.89.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssl-0.9.8j-0.89.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    openssl-0.9.8j-0.89.1
Comment 20 Swamp Workflow Management 2016-03-02 11:12:24 UTC
openSUSE-SU-2016:0627-1: An update that solves 6 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 952871,968046,968047,968048,968050,968265,968374
CVE References: CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800
Sources used:
openSUSE 13.2 (src):    openssl-1.0.1k-2.33.1
Comment 21 Swamp Workflow Management 2016-03-02 13:12:37 UTC
openSUSE-SU-2016:0628-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 958501,963415,968046,968047,968048,968050,968051,968053,968265,968374
CVE References: CVE-2015-3197,CVE-2016-0702,CVE-2016-0703,CVE-2016-0704,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800
Sources used:
openSUSE Leap 42.1 (src):    openssl-1.0.1i-12.1
Comment 22 Swamp Workflow Management 2016-03-02 22:13:10 UTC
openSUSE-SU-2016:0637-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 957812,957815,963415,968046,968047,968048,968050,968265,968374
CVE References: CVE-2015-1794,CVE-2015-3194,CVE-2015-3195,CVE-2015-3197,CVE-2016-0701,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800
Sources used:
openSUSE Evergreen 11.4 (src):    openssl-1.0.1p-71.1
Comment 23 Marcus Meissner 2016-03-03 13:17:29 UTC
released
Comment 24 Marcus Meissner 2016-04-06 13:28:33 UTC
This bug was incorrectly listed as affecting openssl 0.9.8j, but it does not.

We added a patch which just adds the new helper function, but it is not called.
Comment 25 Swamp Workflow Management 2016-04-15 19:10:35 UTC
SUSE-SU-2016:1057-1: An update that solves 7 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 952871,963415,967787,968046,968047,968048,968051,968053,968374
CVE References: CVE-2015-3197,CVE-2016-0702,CVE-2016-0703,CVE-2016-0705,CVE-2016-0797,CVE-2016-0799,CVE-2016-0800
Sources used:
SUSE OpenStack Cloud 5 (src):    openssl-0.9.8j-0.91.1
SUSE Manager Proxy 2.1 (src):    openssl-0.9.8j-0.91.1
SUSE Manager 2.1 (src):    openssl-0.9.8j-0.91.1
Comment 26 Swamp Workflow Management 2016-06-14 09:08:34 UTC
openSUSE-SU-2016:1566-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 968047,968048,968050,977614,977616
CVE References: CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-2105,CVE-2016-2107
Sources used:
openSUSE Leap 42.1 (src):    nodejs-4.4.5-27.1
openSUSE 13.2 (src):    nodejs-4.4.5-18.1
Comment 28 Swamp Workflow Management 2022-02-16 21:22:38 UTC
SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
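
Added example (not part of the bug report and not SUSE or OpenSSL tooling): the upstream advisory in comment 13 names 1.0.1s and 1.0.2g as fixed, yet the SUSE update notices ship the fix in packages still versioned 1.0.1i or 1.0.1k, so a check based only on the upstream version string reports patched SUSE systems as vulnerable. The sketch below compares both ways; the function names are hypothetical, the release comparison is a simplification of rpm's algorithm, and it assumes any later version-release for the same product still carries the patch.

```python
import re

# Upstream releases carrying the fix, from the OpenSSL advisory quoted in comment 13.
UPSTREAM_FIXED = {"1.0.1": "s", "1.0.2": "g"}

# Source packages named in the update notices on this page (a subset).
# Assumption: any later version-release of the same product also has the patch.
SUSE_FIXED = {
    "SUSE Linux Enterprise Server 12": ("1.0.1i", "27.13.1"),
    "SUSE Linux Enterprise Server 12-SP1": ("1.0.1i", "44.1"),
    "openSUSE 13.2": ("1.0.1k", "2.33.1"),
    "openSUSE Leap 42.1": ("1.0.1i", "12.1"),
}

def version_key(version):
    """Sort key for OpenSSL 1.0.x style versions: 1.0.1 < 1.0.1a < 1.0.1z < 1.0.1za."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix), len(letters), letters)

def release_key(release):
    """Simplified stand-in for rpm's release comparison; only handles
    numeric dot-separated releases such as the ones on this page."""
    return tuple(int(part) for part in release.split("."))

def upstream_status(version):
    """Judge a version by the upstream advisory alone."""
    key = version_key(version)
    branch = ".".join(str(n) for n in key[:3])
    if branch not in UPSTREAM_FIXED:
        return "not-listed"  # the advisory only names 1.0.1 and 1.0.2
    fixed = version_key(branch + UPSTREAM_FIXED[branch])
    return "fixed" if key >= fixed else "vulnerable"

def package_status(product, version, release):
    """Prefer the distribution's fixed package; fall back to the upstream rule."""
    if product in SUSE_FIXED:
        fixed_version, fixed_release = SUSE_FIXED[product]
        installed = (version_key(version), release_key(release))
        fixed = (version_key(fixed_version), release_key(fixed_release))
        return "fixed" if installed >= fixed else "vulnerable"
    return upstream_status(version)
```

For a product missing from the table the result is only the upstream verdict, which is the case where a backported package would be misreported.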