
List:       oss-security
Subject:    [oss-security] Re: CVE request: MatrixSSL lack of RSA-CRT hardening
From:       cve-assign () mitre ! org
Date:       2016-08-19 13:48:16
Message-ID: 20160819134816.658D36C568E () smtpvmsrv1 ! mitre ! org

>> Date: Wed, 29 Jun 2016 09:08:49 +0200

> https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md

>> Version 3.8.3 April 2016
>> 
>> BUG FIXES

> ##Side Channel Vulnerability on RSA Cipher Suites
> A Bleichenbacher variant attack, where certain information is leaked
> from the results of a RSA private key operation has been reported by a
> security researcher. The code has been updated to error without
> providing any information on the premaster contents.

Use CVE-2016-6883.


> ##Access Violation on Malicious TLS Record
> TLS cipher suites with CBC mode in TLS 1.1 and 1.2 could have an access
> violation (read beyond memory) with a maliciously crafted message.

Use CVE-2016-6884.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]