PublicDateAtUSN: 2016-10-24
Candidate: CVE-2016-8610
PublicDate: 2017-11-13 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610
 http://www.openwall.com/lists/oss-security/2016/10/24/3
 http://security.360.cn/cve/CVE-2016-8610/
 https://ubuntu.com/security/notices/USN-3181-1
 https://ubuntu.com/security/notices/USN-3183-1
 https://ubuntu.com/security/notices/USN-3183-2
Description:
 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through
 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of
 ALERT packets during a connection handshake. A remote attacker could use
 this flaw to make a TLS/SSL server consume an excessive amount of CPU and
 fail to accept connections from other clients.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610
Priority: low
Discovered-by: Shi Lei
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_openssl:
 upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401 (master)
 upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=22646a075e75991b4e8f5d67171e45a6aead5b48 (1.0.2)
 upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=f1185392189641014dca94f3fe7834bccb5f4c16 (related)
upstream_openssl: needs-triage
precise_openssl: released (1.0.1-4ubuntu5.39)
precise/esm_openssl: released (1.0.1-4ubuntu5.39)
trusty_openssl: released (1.0.1f-1ubuntu2.22)
trusty/esm_openssl: released (1.0.1f-1ubuntu2.22)
vivid/ubuntu-core_openssl: released (1.0.1f-1ubuntu11.7)
vivid/stable-phone-overlay_openssl: pending (1.0.1f-1ubuntu11.7)
xenial_openssl: released (1.0.2g-1ubuntu4.6)
esm-infra/xenial_openssl: released (1.0.2g-1ubuntu4.6)
yakkety_openssl: released (1.0.2g-1ubuntu9.1)
zesty_openssl: released (1.0.2g-1ubuntu11)
artful_openssl: released (1.0.2g-1ubuntu11)
bionic_openssl: released (1.0.2g-1ubuntu11)
cosmic_openssl: released (1.0.2g-1ubuntu11)
disco_openssl: released (1.0.2g-1ubuntu11)
devel_openssl: released (1.0.2g-1ubuntu11)

Patches_openssl098:
upstream_openssl098: needs-triage
precise_openssl098: ignored (reached end-of-life)
precise/esm_openssl098: DNE (precise was needed)
trusty_openssl098: ignored (reached end-of-life)
trusty/esm_openssl098: DNE (trusty was needed)
vivid/ubuntu-core_openssl098: DNE
vivid/stable-phone-overlay_openssl098: DNE
xenial_openssl098: DNE
yakkety_openssl098: DNE
zesty_openssl098: DNE
artful_openssl098: DNE
bionic_openssl098: DNE
cosmic_openssl098: DNE
disco_openssl098: DNE
devel_openssl098: DNE

Patches_gnutls26:
upstream_gnutls26: needs-triage
precise_gnutls26: released (2.12.14-5ubuntu3.13)
precise/esm_gnutls26: released (2.12.14-5ubuntu3.13)
trusty_gnutls26: released (2.12.23-12ubuntu2.6)
trusty/esm_gnutls26: released (2.12.23-12ubuntu2.6)
vivid/ubuntu-core_gnutls26: DNE
vivid/stable-phone-overlay_gnutls26: DNE
xenial_gnutls26: DNE
yakkety_gnutls26: DNE
zesty_gnutls26: DNE
artful_gnutls26: DNE
bionic_gnutls26: DNE
cosmic_gnutls26: DNE
disco_gnutls26: DNE
devel_gnutls26: DNE

Patches_gnutls28:
 upstream: https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e
 upstream: https://gitlab.com/gnutls/gnutls/commit/42a8bb3bdad73f13425ae18a41addbbc04496101 (bp)
 upstream: https://gitlab.com/gnutls/gnutls/commit/648bf9b00e1cbf45c6d05fab07e91fad97e6926d (3.3)
upstream_gnutls28: needs-triage
precise_gnutls28: ignored (reached end-of-life)
precise/esm_gnutls28: DNE (precise was needed)
trusty_gnutls28: ignored (reached end-of-life)
trusty/esm_gnutls28: DNE (trusty was needed)
vivid/ubuntu-core_gnutls28: ignored (reached end-of-life)
vivid/stable-phone-overlay_gnutls28: ignored (reached end-of-life)
xenial_gnutls28: released (3.4.10-4ubuntu1.2)
esm-infra/xenial_gnutls28: released (3.4.10-4ubuntu1.2)
yakkety_gnutls28: released (3.5.3-5ubuntu1.1)
zesty_gnutls28: not-affected (3.5.6-4ubuntu2)
artful_gnutls28: not-affected (3.5.6-4ubuntu2)
bionic_gnutls28: not-affected (3.5.6-4ubuntu2)
cosmic_gnutls28: not-affected (3.5.6-4ubuntu2)
disco_gnutls28: not-affected (3.5.6-4ubuntu2)
devel_gnutls28: not-affected (3.5.6-4ubuntu2)