Candidate: CVE-2016-2842
PublicDate: 2016-03-03 20:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842
 http://openssl.org/news/secadv/20160301.txt
Description:
 The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_openssl:
 upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835 (1.0.1)
 upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73 (1.0.2)
upstream_openssl: needs-triage
precise_openssl: released (1.0.1-4ubuntu5.35)
precise/esm_openssl: released (1.0.1-4ubuntu5.35)
trusty_openssl: released (1.0.1f-1ubuntu2.18)
trusty/esm_openssl: released (1.0.1f-1ubuntu2.18)
vivid/ubuntu-core_openssl: released (1.0.1f-1ubuntu11.6)
vivid/stable-phone-overlay_openssl: released (1.0.1f-1ubuntu11.6)
wily_openssl: released (1.0.2d-0ubuntu1.4)
xenial_openssl: released (1.0.2g-1ubuntu2)
esm-infra/xenial_openssl: released (1.0.2g-1ubuntu2)
yakkety_openssl: released (1.0.2g-1ubuntu2)
zesty_openssl: released (1.0.2g-1ubuntu2)
artful_openssl: released (1.0.2g-1ubuntu2)
bionic_openssl: released (1.0.2g-1ubuntu2)
cosmic_openssl: released (1.0.2g-1ubuntu2)
disco_openssl: released (1.0.2g-1ubuntu2)
devel_openssl: released (1.0.2g-1ubuntu2)

Patches_openssl098:
upstream_openssl098: needs-triage
precise_openssl098: ignored (reached end-of-life)
precise/esm_openssl098: DNE (precise was needed)
trusty_openssl098: ignored (reached end-of-life)
trusty/esm_openssl098: DNE (trusty was needed)
vivid/ubuntu-core_openssl098: DNE
vivid/stable-phone-overlay_openssl098: DNE
wily_openssl098: DNE
xenial_openssl098: DNE
yakkety_openssl098: DNE
zesty_openssl098: DNE
artful_openssl098: DNE
bionic_openssl098: DNE
cosmic_openssl098: DNE
disco_openssl098: DNE
devel_openssl098: DNE