{"id":12780,"date":"2016-05-13T15:47:07","date_gmt":"2016-05-13T07:47:07","guid":{"rendered":"https:\/\/www.deepin.org\/?p=12780"},"modified":"2017-08-31T10:43:11","modified_gmt":"2017-08-31T02:43:11","slug":"security-updates%ef%bc%88dsa-3566-1-dsa-3567-1%ef%bc%89","status":"publish","type":"post","link":"https:\/\/www.deepin.org.cn\/en\/security-updates%ef%bc%88dsa-3566-1-dsa-3567-1%ef%bc%89\/","title":{"rendered":"Security Updates (DSA-3566-1 &#038;DSA-3567-1)"},"content":{"rendered":"<a href=\"http:\/\/blog.deepin.org\/wp-content\/uploads\/en31.jpg\" target=\"_blank\"><img loading=\"lazy\" class=\"aligncenter wp-image-9832\" src=\"http:\/\/blog.deepin.org\/wp-content\/uploads\/en31.jpg\" alt=\"en\" width=\"749\" height=\"321\" \/><\/a><\/p>\n<p>The security updates of openssl and libpam-sshauth.<\/p>\n<p>&nbsp;<\/p>\n<h2><b>Vulnerability Information<\/b><\/h2>\n<p><strong>DSA-3566-1 openssl\u2013Security Updates<\/strong><\/p>\n<p>Security database details:<\/p>\n<ul>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2016-2105\" rel=\"nofollow\">CVE-2016-2105<\/a>:\u00a0Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption.<\/li>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2016-2106\" target=\"_blank\" rel=\"nofollow\">CVE-2016-2106<\/a>:\u00a0Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption.<\/li>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2016-2107\" rel=\"nofollow\">CVE-2016-2107<\/a>:\u00a0Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an attacker to decrypt TLS traffic encrypted with one of the cipher suites based on AES CBC.<\/li>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2016-2108\" target=\"_blank\" rel=\"nofollow\">CVE-2016-2108<\/a>:\u00a0David Benjamin from Google discovered that two separate bugs in the ASN.1 encoder, related to handling of negative zero integer values and large universal tags, could lead to an out-of-bounds write.<\/li>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2016-2109\" rel=\"nofollow\">CVE-2016-2109<\/a>:\u00a0Brian Carpenter discovered that when ASN.1 data is read from a BIO using functions such as d2i_CMS_bio(), a short invalid encoding can cause allocation of large amounts of memory potentially consuming excessive resources or exhausting memory.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>DSA-3567-1 libpam-sshauth\u2013Security Updates<\/strong><\/p>\n<p>Security database details:<\/p>\n<ul>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2016-4422\" target=\"_blank\" rel=\"nofollow\">CVE-2016-4422<\/a>:\u00a0The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2><b>Fixing Status<\/b><\/h2>\n<p>openssl security vulnerabilities have been fixed in version 1.0.2h-1; libpam-sshauth security vulnerabilities have been fixed in version\u00a00.4.1-2.<\/p>\n<p>We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.","protected":false},"excerpt":{"rendered":"<p>The security updates of openssl and libpam-sshauth. &nbsp; Vulnerability Information DSA-3566-1 openssl\u2013Security Updates Security database details: CVE-2016-2105:\u00a0Guido Vranken discovered that an overflow can occur in the function EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2106:\u00a0Guido Vranken discovered that an overflow can occur in the function EVP_EncryptUpdate() if an attacker can supply a large amount of data. This could lead to a heap corruption. CVE-2016-2107:\u00a0Juraj Somorovsky discovered a padding oracle in the AES CBC cipher implementation based on the AES-NI instruction set. This could allow an ...<a href=https:\/\/www.deepin.org.cn\/en\/security-updates%ef%bc%88dsa-3566-1-dsa-3567-1%ef%bc%89\/>Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":12784,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[75],"tags":[],"_links":{"self":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/12780"}],"collection":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/comments?post=12780"}],"version-history":[{"count":11,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/12780\/revisions"}],"predecessor-version":[{"id":25290,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/12780\/revisions\/25290"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/media?parent=12780"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/categories?post=12780"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/tags?post=12780"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}