CVE-2016-8610

Priority
Low
Description
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through
1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of
ALERT packets during a connection handshake. A remote attacker could use
this flaw to make a TLS/SSL server consume an excessive amount of CPU and
fail to accept connections from other clients.
References
Bugs
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 12.04 ESM (Precise Pangolin):released (2.12.14-5ubuntu3.13)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.12.23-12ubuntu2.6)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):released (1.0.2g-1ubuntu11)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.0.2g-1ubuntu11)
Ubuntu 12.04 ESM (Precise Pangolin):released (1.0.1-4ubuntu5.39)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.0.1f-1ubuntu2.22)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.0.2g-1ubuntu4.6)
Ubuntu 17.04 (Zesty Zapus):released (1.0.2g-1ubuntu11)
Patches:
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401 (master)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=22646a075e75991b4e8f5d67171e45a6aead5b48 (1.0.2)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=f1185392189641014dca94f3fe7834bccb5f4c16 (related)
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected (3.5.6-4ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.5.6-4ubuntu2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (3.4.10-4ubuntu1.2)
Ubuntu 17.04 (Zesty Zapus):not-affected (3.5.6-4ubuntu2)
Patches:
Upstream:https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e
Upstream:https://gitlab.com/gnutls/gnutls/commit/42a8bb3bdad73f13425ae18a41addbbc04496101 (bp)
Upstream:https://gitlab.com/gnutls/gnutls/commit/648bf9b00e1cbf45c6d05fab07e91fad97e6926d (3.3)
More Information

Updated: 2017-11-17 03:14:18 UTC (commit 13723)