CVE-2016-0705
Published 2016-03-03
Priority: P352 · critical · 9.8 · CVSS 3.0
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
EPSS: 26.33% (97.7th percentile)
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Affected
64 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | xcode | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | openssl | < openssl 1.0.2g-1 (bookworm) | openssl 1.0.2g-1 (bookworm) |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
CVSS provenance
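| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 5.1 | MEDIUM | |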
Palo Alto
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
vendor_paloalto·2024-11-07·CVSS 6.8
CVE-2014-0195 [MEDIUM] PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Cortex XDR Agent. While Cortex XDR Agent may include the
CVEs: CVE-2014-0195, CVE-2014-0224, CVE-2014-3509, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2015-0209, CVE-2015-0292, CVE-2015-1789, CVE-2015-1791, CVE-2015-1793, CVE-2015-3194, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2019-1551, CVE-2019-1552, CVE-2019-1559, CVE-2019-1563, CVE-2020-196
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Apple
CVE-2016-0705: Xcode 8.1
vendor_apple·2016-10-27·CVSS 9.8
CVE-2016-0705 [CRITICAL] CVE-2016-0705: Xcode 8.1
Apple Security Update: About the security content of Xcode 8.1
Product: Xcode
Version: 8.1
CVE: CVE-2016-0705
Component: CVE-2016-0705
Android
CVE-2016-0705: Android Security Bulletin 2016-05-01
vendor_android·2016-05-01·CVSS 9.8
CVE-2016-0705 [CRITICAL] CVE-2016-0705: Android Security Bulletin 2016-05-01
Android Security Bulletin 2016-05-01
CVE: CVE-2016-0705
Severity: MEDIUM
Affected AOSP versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1
BSD
FreeBSD-SA-16:12.openssl: Multiple OpenSSL vulnerabilities
bsd_advisories·2016-03-10·CVSS 5.1
CVE-2016-0702 [MEDIUM] FreeBSD-SA-16:12.openssl: Multiple OpenSSL vulnerabilities
FreeBSD-SA-16:12.openssl Security Advisory
The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib
Module: openssl
Announced: 2016-03-10
Credits: OpenSSL Project
Affects: All supported versions of FreeBSD.
Corrected: 2016-03-04 00:40:15 UTC (stable/10, 10.2-BETA3)
2016-03-03 07:30:55 UTC (releng/10.2, 10.2-RELEASE-p13)
2016-03-03 07:30:55 UTC (releng/10.1, 10.1-RELEASE-p30)
2016-03-10 03:58:48 UTC (stable/9, 9.3-STABLE)
2016-03-10 10:03:28 UTC (releng/9.3, 9.3-RELEASE-p38)
CVE Name: CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705
CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
vendor_cisco·2016-03-02
CVE-2016-0702 [MEDIUM] CWE-119 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities.
DROWN is a cross-protocol attack that actively exploits weaknesses in SSL Version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol.
To execute a successful DROWN attack, the attacker m
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2016-03-01·CVSS 5.1
CVE-2016-0702 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was
vulnerable to a side-channel attack on modular exponentiation. On certain
CPUs, a local attacker could possibly use this issue to recover RSA keys.
This flaw is known as CacheBleed. (CVE-2016-0702)
Adam Langley discovered that OpenSSL incorrectly handled memory when
parsing DSA private keys. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-0705)
Guido Vranken discovered that OpenSSL incorrectly handled hex digit
calculation in the BN_hex2bn function. A remote attacker could use this
issue to cause OpenSSL to crash, resulting in a d
Red Hat
OpenSSL: Double-free in DSA code
vendor_redhat·2016-02-18·CVSS 9.8
CVE-2016-0705 [CRITICAL] OpenSSL: Double-free in DSA code
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash.
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2016-0705: openssl - Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_amet...
vendor_debian·2016·CVSS 9.8
CVE-2016-0705 [CRITICAL] CVE-2016-0705: openssl - Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_amet...
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Scope: local
bookworm: resolved (fixed in 1.0.2g-1)
bullseye: resolved (fixed in 1.0.2g-1)
forky: resolved (fixed in 1.0.2g-1)
sid: resolved (fixed in 1.0.2g-1)
trixie: resolved (fixed in 1.0.2g-1)
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
vendor_cisco
CVE-2016-0705 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
CVE-2016-0705: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities. DROWN is a cross-protocol attack that actively exploits weaknesses in SSL Version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol. To execute a successful DROWN attack, th
GHSA
GHSA-jq9m-v5x9-ppg9: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth
ghsa_unreviewed·2022-05-14
CVE-2016-0705 [CRITICAL] GHSA-jq9m-v5x9-ppg9: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
OSV
CVE-2016-0705: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth
osv·2016-03-03·CVSS 9.8
CVE-2016-0705 [CRITICAL] CVE-2016-0705: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
OSV
openssl vulnerabilities
osv·2016-03-01·CVSS 5.1
CVE-2016-0702 [MEDIUM] openssl vulnerabilities
Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was
vulnerable to a side-channel attack on modular exponentiation. On certain
CPUs, a local attacker could possibly use this issue to recover RSA keys.
This flaw is known as CacheBleed. (CVE-2016-0702)
Adam Langley discovered that OpenSSL incorrectly handled memory when
parsing DSA private keys. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-0705)
Guido Vranken discovered that OpenSSL incorrectly handled hex digit
calculation in the BN_hex2bn function. A remote attacker could use this
issue to cause OpenSSL to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-
No detection rules found.
No public exploits indexed.
Qualys
Oracle Critical Patch Update April 2016 | Qualys
blogs_qualys·2016-04-22·CVSS 8.1
CVE-2016-0636 [HIGH] Oracle Critical Patch Update April 2016 | Qualys
This week Oracle released their quarterly Critical Patch Update (CPU) for April 2016. The CPU addresses 136 vulnerabilities in 49 products, including Java, Solaris, several middleware products, VirtualBox, the MySQL database and the original Oracle database.
Oracle does not mention any vulnerabilities that are under known attacks, but points out that there was an out-of-band release for Java to fix CVE-2016-0636 last month.
Java is one of the software packages that are constantly under attack. Java, as a full-fledged programming language, gives the attacker a large attack surface and then a wide array of tools to continue post-exploitation. This update fixes nine vulnerabilities, with the three most critical sporting a CVSS of 9.6. The top three apply only to client deployments of Jav
Tenable
[R12] OpenSSL '20160301' Advisory Affects Tenable Products
blogs_tenable·2016-03-02
Bugzilla
CVE-2016-0705 OpenSSL: Double-free in DSA code [fedora-all]
bugzilla·2016-02-29·CVSS 9.8
CVE-2016-0705 [CRITICAL] CVE-2016-0705 OpenSSL: Double-free in DSA code [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
Bugzilla
CVE-2016-0705 openssl101e: OpenSSL: Double-free in DSA code [epel-5]
bugzilla·2016-02-29·CVSS 9.8
CVE-2016-0705 [CRITICAL] CVE-2016-0705 openssl101e: OpenSSL: Double-free in DSA code [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Discussi
Bugzilla
CVE-2016-0705 mingw-openssl: OpenSSL: Double-free in DSA code [fedora-all]
bugzilla·2016-02-29·CVSS 9.8
CVE-2016-0705 [CRITICAL] CVE-2016-0705 mingw-openssl: OpenSSL: Double-free in DSA code [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fed
Bugzilla
CVE-2016-0705 OpenSSL: Double-free in DSA code
bugzilla·2016-02-22·CVSS 9.8
CVE-2016-0705 [CRITICAL] CVE-2016-0705 OpenSSL: Double-free in DSA code
As per Upstream advisory:
A double free bug was discovered when OpenSSL parses malformed DSA private keys and could lead to a DoS attack or memory corruption for applications that receive DSA private keys from untrusted sources. This scenario is considered rare.
This issue affects OpenSSL versions 1.0.2 and 1.0.1.
OpenSSL 1.0.2 users should upgrade to 1.0.2g
OpenSSL 1.0.1 users should upgrade to 1.0.1s
This issue was reported to OpenSSL on 7th February 2016 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr Stephen Henson of OpenSSL.
Discussion:
Created attachment 1129420
Upstream patch
---
Public via:
Upstream patch:
http://git.openssl.org/?p=openssl.git;a=commitdiff;h=ab4a81f69ec88d06c9d8de15326b9296d7
arXiv
A Novel Model for Vulnerability Analysis through Enhanced Directed Graphs and Quantitative Metrics
arxiv_fulltext·2021-12-13
1st Ángel Longueira-Romero, 2nd Rosa Iglesias, 3rd Jose Luis Flores
Industrial Cybersecurity
Ikerlan Technology Research Centre (BRTA)
Arrasate/Mondragón, Spain
{alongueira, riglesias, jlflores}@ikerlan.es
4th Iñaki Garitano
Dept. of Electronics and Computing
Mondragon Unibertsitatea
Arrasate/Mondragón, Spain
## Abstract
Industrial components are of high importance because they control critical infrastructures that form the lifeline of modern societies.
However, the rapid evolution of industrial components, together with the new paradigm of Industry 4.0, and the new connectivity features that will be introduced by the 5G technology, all increase the likeliho