CVE 2016-6304
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
Related bugs and status
CVE-2016-6304 (Candidate) is related to these bugs:
Bug #1593953: EC_KEY_generate_key() causes FIPS self-test failure
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1593953 | EC_KEY_generate_key() causes FIPS self-test failure | openssl (Ubuntu) | Undecided | Fix Released | ||
1593953 | EC_KEY_generate_key() causes FIPS self-test failure | openssl (Ubuntu Xenial) | Undecided | Fix Released |
Bug #1594748: CRYPTO_set_mem_functions() is broken
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1594748 | CRYPTO_set_mem_functions() is broken | openssl (Ubuntu) | Undecided | Fix Released | ||
1594748 | CRYPTO_set_mem_functions() is broken | OpenSSL | Unknown | Invalid | ||
1594748 | CRYPTO_set_mem_functions() is broken | openssl (Ubuntu Xenial) | Undecided | Fix Released |
Bug #1614210: Remove incomplete fips in openssl in xenial.
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1614210 | Remove incomplete fips in openssl in xenial. | openssl (Ubuntu) | Undecided | Fix Released | ||
1614210 | Remove incomplete fips in openssl in xenial. | openssl (Ubuntu Xenial) | Undecided | Fix Released | ||
1614210 | Remove incomplete fips in openssl in xenial. | openssl (Ubuntu Yakkety) | Undecided | Fix Released |
Bug #1622500: Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1622500 | Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04 | openssl (Ubuntu) | Undecided | Invalid | ||
1622500 | Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04 | openssl (Ubuntu Trusty) | Undecided | Fix Released | ||
1622500 | Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04 | openssl (Ubuntu Precise) | Undecided | Fix Released |
Bug #1626676: build openssl upstream update for number of CVEs from 2016-09-22
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1626676 | build openssl upstream update for number of CVEs from 2016-09-22 | openssl (Ubuntu) | Undecided | Fix Released |
Bug #1637755: OpenSSL Vulnerability CVE-2016-6304
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1637755 | OpenSSL Vulnerability CVE-2016-6304 | Fuel for OpenStack | High | Confirmed |
Bug #1649657: OpenSSL version is not dependable
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1649657 | OpenSSL version is not dependable | openssl (Ubuntu) | Undecided | Invalid |
Bug #1811531: remote execution vulnerability
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1811531 | remote execution vulnerability | zeromq3 (Ubuntu) | Undecided | Fix Released | ||
1811531 | remote execution vulnerability | zeromq3 (Debian) | Unknown | Fix Released | ||
1811531 | remote execution vulnerability | zeromq (Suse) | High | Fix Released |
See the
CVE page on Mitre.org
for more details.