CVE-2016-6302 – openssl: Insufficient TLS session ticket HMAC length checks
https://notcve.org/view.php?id=CVE-2016-6302
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. La función tls_decrypt_ticket en ssl/t1_lib.c en OpenSSL en versiones anteriores a 1.1.0 no considera el tamaño HMAC durante la validación de la longitud del ticket, lo que permite a atacantes remotos provocar una denegación de servicio a través de un ticket que es muy corto. An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://rhn.redhat.com/errata/RHSA-2016-1940.html http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork& • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVE-2016-5841
https://notcve.org/view.php?id=CVE-2016-5841
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. Desbordamiento de entero en MagickCore/profile.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) o posiblemente ejecutar código arbitrario a través de vectores que implican a la variable offset. • http://www.openwall.com/lists/oss-security/2016/06/23/1 http://www.openwall.com/lists/oss-security/2016/06/25/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91394 https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1 • CWE-190: Integer Overflow or Wraparound •
CVE-2016-6491
https://notcve.org/view.php?id=CVE-2016-6491
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. Desbordamiento de búfer en la función Get8BIMProperty en MagickCore/property.c en ImageMagick en versiones anteriores a 6.9.5-4 y 7.x en versiones anteriores a 7.0.2-6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites, fuga de memoria y caída) a través de una imagen manipulada. • http://www.openwall.com/lists/oss-security/2016/07/28/13 http://www.openwall.com/lists/oss-security/2016/07/28/15 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/92186 http://www.securitytracker.com/id/1036501 https://github.com/ImageMagick/ImageMagick/blob/6.9.5-4/ChangeLog https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b https://security.gentoo.org/glsa/201611-21 • CWE-125: Out-of-bounds Read •
CVE-2016-5842
https://notcve.org/view.php?id=CVE-2016-5842
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. MagickCore/property.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos obtener información de memoria sensible a través de vectores que implican a la variable q, lo que desencadena una lectura fuera de límites. • http://www.openwall.com/lists/oss-security/2016/06/23/1 http://www.openwall.com/lists/oss-security/2016/06/25/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91394 https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1 https://security.gentoo.org/glsa/201611-21 • CWE-125: Out-of-bounds Read •
CVE-2016-6185
https://notcve.org/view.php?id=CVE-2016-6185
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. El método XSLoader::load en XSLoader en Perl no localiza adecuadamente archivos .so cuando se le llama en una cadena eval, lo que podría permitir a usuarios locales ejecutar código arbitrario a través de una librería Troyano bajo el directorio de trabajo actual. • http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 http://www.debian.org/security/2016/dsa-3628 http://www.openwall.com/lists/oss-security/2016/07/07/1 http://www.openwall.com/lists/oss-security/2016/07/08/5 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91685 http://www.securitytracker.com/id/1036260 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E •