Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssl: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308 #2171

Closed
6 of 13 tasks
tianon opened this issue Sep 22, 2016 · 10 comments
Closed
6 of 13 tasks

openssl: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308 #2171

tianon opened this issue Sep 22, 2016 · 10 comments
Labels
cve-tracker

Comments

@tianon
Copy link
Member

tianon commented Sep 22, 2016
edited by yosifkit
Loading

CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308

https://www.openssl.org/news/secadv/20160922.txt

CVE-2016-2177: https://www.openssl.org/news/vulnerabilities.html#2016-2177

  • Fixed in OpenSSL 1.0.1u (Affected 1.0.1t, 1.0.1s, 1.0.1r, 1.0.1q, 1.0.1p, 1.0.1o, 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
  • Fixed in OpenSSL 1.0.2i (Affected 1.0.2h, 1.0.2g, 1.0.2f, 1.0.2e, 1.0.2d, 1.0.2c, 1.0.2b, 1.0.2a, 1.0.2)

CVE-2016-2178: https://www.openssl.org/news/vulnerabilities.html#2016-2178

  • Fixed in OpenSSL 1.0.1u (Affected 1.0.1t, 1.0.1s, 1.0.1r, 1.0.1q, 1.0.1p, 1.0.1o, 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
  • Fixed in OpenSSL 1.0.2i (Affected 1.0.2h, 1.0.2g, 1.0.2f, 1.0.2e, 1.0.2d, 1.0.2c, 1.0.2b, 1.0.2a, 1.0.2)

CVE-2016-2179: https://www.openssl.org/news/vulnerabilities.html#2016-2179

  • Fixed in OpenSSL 1.0.1u (Affected 1.0.1t, 1.0.1s, 1.0.1r, 1.0.1q, 1.0.1p, 1.0.1o, 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
  • Fixed in OpenSSL 1.0.2i (Affected 1.0.2h, 1.0.2g, 1.0.2f, 1.0.2e, 1.0.2d, 1.0.2c, 1.0.2b, 1.0.2a, 1.0.2)

CVE-2016-2180: https://www.openssl.org/news/vulnerabilities.html#2016-2180

  • Fixed in OpenSSL 1.0.1u (Affected 1.0.1t, 1.0.1s, 1.0.1r, 1.0.1q, 1.0.1p, 1.0.1o, 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
  • Fixed in OpenSSL 1.0.2i (Affected 1.0.2h, 1.0.2g, 1.0.2f, 1.0.2e, 1.0.2d, 1.0.2c, 1.0.2b, 1.0.2a, 1.0.2)

CVE-2016-2181: https://www.openssl.org/news/vulnerabilities.html#2016-2181

  • Fixed in OpenSSL 1.0.1u (Affected 1.0.1t, 1.0.1s, 1.0.1r, 1.0.1q, 1.0.1p, 1.0.1o, 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
  • Fixed in OpenSSL 1.0.2i (Affected 1.0.2h, 1.0.2g, 1.0.2f, 1.0.2e, 1.0.2d, 1.0.2c, 1.0.2b, 1.0.2a, 1.0.2)

CVE-2016-2182: https://www.openssl.org/news/vulnerabilities.html#2016-2182

  • Fixed in OpenSSL 1.0.1u (Affected 1.0.1t, 1.0.1s, 1.0.1r, 1.0.1q, 1.0.1p, 1.0.1o, 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
  • Fixed in OpenSSL 1.0.2i (Affected 1.0.2h, 1.0.2g, 1.0.2f, 1.0.2e, 1.0.2d, 1.0.2c, 1.0.2b, 1.0.2a, 1.0.2)

CVE-2016-2183: https://www.openssl.org/news/vulnerabilities.html#2016-2183 (does not appear to be listed on "vulnerabilities.html"); https://sweet32.info/

  • OpenSSL 1.0.2 users should upgrade to 1.0.2i
  • OpenSSL 1.0.1 users should upgrade to 1.0.1u

CVE-2016-6302: https://www.openssl.org/news/vulnerabilities.html#2016-6302

  • Fixed in OpenSSL 1.0.1u (Affected 1.0.1t, 1.0.1s, 1.0.1r, 1.0.1q, 1.0.1p, 1.0.1o, 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
  • Fixed in OpenSSL 1.0.2i (Affected 1.0.2h, 1.0.2g, 1.0.2f, 1.0.2e, 1.0.2d, 1.0.2c, 1.0.2b, 1.0.2a, 1.0.2)

CVE-2016-6303: https://www.openssl.org/news/vulnerabilities.html#2016-6303

  • Fixed in OpenSSL 1.0.1u (Affected 1.0.1t, 1.0.1s, 1.0.1r, 1.0.1q, 1.0.1p, 1.0.1o, 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
  • Fixed in OpenSSL 1.0.2i (Affected 1.0.2h, 1.0.2g, 1.0.2f, 1.0.2e, 1.0.2d, 1.0.2c, 1.0.2b, 1.0.2a, 1.0.2)

CVE-2016-6304: https://www.openssl.org/news/vulnerabilities.html#2016-6304

  • Fixed in OpenSSL 1.0.1u (Affected 1.0.1t, 1.0.1s, 1.0.1r, 1.0.1q, 1.0.1p, 1.0.1o, 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
  • Fixed in OpenSSL 1.0.2i (Affected 1.0.2h, 1.0.2g, 1.0.2f, 1.0.2e, 1.0.2d, 1.0.2c, 1.0.2b, 1.0.2a, 1.0.2)
  • Fixed in OpenSSL 1.1.0a (Affected 1.1.0)

CVE-2016-6305: https://www.openssl.org/news/vulnerabilities.html#2016-6305

  • Fixed in OpenSSL 1.1.0a (Affected 1.1.0)

CVE-2016-6306: https://www.openssl.org/news/vulnerabilities.html#2016-6306

  • Fixed in OpenSSL 1.0.1u (Affected 1.0.1t, 1.0.1s, 1.0.1r, 1.0.1q, 1.0.1p, 1.0.1o, 1.0.1n, 1.0.1m, 1.0.1l, 1.0.1k, 1.0.1j, 1.0.1i, 1.0.1h, 1.0.1g, 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)
  • Fixed in OpenSSL 1.0.2i (Affected 1.0.2h, 1.0.2g, 1.0.2f, 1.0.2e, 1.0.2d, 1.0.2c, 1.0.2b, 1.0.2a, 1.0.2)

CVE-2016-6307: https://www.openssl.org/news/vulnerabilities.html#2016-6306

  • Fixed in OpenSSL 1.1.0a (Affected 1.1.0)

CVE-2016-6308: https://www.openssl.org/news/vulnerabilities.html#2016-6306

  • Fixed in OpenSSL 1.1.0a (Affected 1.1.0)
@tianon
Copy link
Member Author

tianon commented Sep 22, 2016

@bryteise are there any good links for CVE-tracking WRT Clear Linux? 🙏

@bryteise
Copy link
Contributor

@tianon I'm sorry we do not have anything externally facing that can be linked to for the issue. It is something that is being looked at but I do not have any timeline for availability =(.

This is something that is definitely being tracked and we are looking to make a release as soon as possible for these.

@tianon
Copy link
Member Author

tianon commented Sep 22, 2016

@bryteise ok, that's good enough; thanks! 👍

@tianon
Copy link
Member Author

tianon commented Sep 22, 2016

Looks like we've a few fixes available upstream. 😄

@andyshinn alpine looks updated!

@prologic crux looks updated! (https://crux.nu/gitweb/?p=ports/core.git;a=commit;h=5f0151ef41df86a94eb7ef5baab7d0c988515439)

@frapposelli photon looks updated! (vmware/photon@5d2fa23; not sure what it takes for it to move from dev to master 😇)

@vaygr sourcemage looks updated! (http://scmweb.sourcemage.org/?p=smgl/grimoire.git;a=commit;h=c4937fa93fc0d46ff07e3d31f10e9824faadb89f)

🙏

@tianon
Copy link
Member Author

tianon commented Sep 22, 2016

(Ubuntu is in progress, as is Debian)

@andyshinn andyshinn mentioned this issue Sep 22, 2016
Merged
tianon added a commit to docker-library/tomcat that referenced this issue Sep 23, 2016
@tianon
Update OPENSSL_VERSION to 1.0.2i-1
e7ba4eb 
See also docker-library/official-images#2171.
This was referenced Sep 23, 2016
Merged
Merged
@tianon
Copy link
Member Author

tianon commented Sep 26, 2016

ARRRRG https://www.openssl.org/news/secadv/20160926.txt

@tianon
Copy link
Member Author

tianon commented Sep 26, 2016
edited
Loading

At least Debian and Ubuntu appear to be unaffected by this new advisory (https://security-tracker.debian.org/tracker/CVE-2016-7052, <not-affected> (Introduced in 1.0.2i)).

@Djelibeybi Djelibeybi mentioned this issue Sep 28, 2016
Merged
@tianon
Copy link
Member Author

tianon commented Feb 14, 2017

I think this is likely as good as it's going to get at this point. 👍

@tianon tianon closed this as completed Feb 14, 2017
@yosifkit yosifkit mentioned this issue Nov 1, 2019
Merged
@yosifkit yosifkit mentioned this issue Dec 31, 2019
Closed
This was referenced Feb 4, 2020
Closed
Closed
@yosifkit yosifkit mentioned this issue Mar 27, 2020
Merged
@yosifkit yosifkit mentioned this issue Apr 22, 2020
Closed
@yosifkit yosifkit mentioned this issue May 13, 2020
Closed
@yosifkit yosifkit mentioned this issue Sep 14, 2020
Closed
@yosifkit yosifkit mentioned this issue Oct 12, 2020
Closed
@yosifkit yosifkit mentioned this issue Feb 22, 2021
Closed
This was referenced Aug 25, 2021
Closed
Merged
This was referenced Sep 9, 2021
Merged
Merged
@yanjb

This comment was marked as off-topic.

Sign in to view
@tianon

This comment was marked as resolved.

Sign in to view
@yosifkit yosifkit mentioned this issue Nov 18, 2022
Merged
@yosifkit yosifkit mentioned this issue Apr 14, 2023
Closed
This was referenced Jun 7, 2023
Closed
Closed
@tianon tianon mentioned this issue Jun 20, 2023
Closed
@yosifkit yosifkit mentioned this issue Aug 5, 2023
Merged
@tianon tianon mentioned this issue Feb 1, 2024
Closed
@yosifkit yosifkit mentioned this issue May 2, 2024
Open
10 tasks
@yosifkit yosifkit mentioned this issue Aug 8, 2024
Merged
@yosifkit yosifkit mentioned this issue Sep 19, 2024
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cve-tracker
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bryteise @tianon @yanjb